phpseclib/File/X509.php
<?php
// Pull in the ASN.1 encoder/decoder unless an autoloader or an earlier include
// has already defined File_ASN1 (class_exists() triggers autoload by default).
// The relative path is resolved through include_path / the including file's
// directory, so the File/ directory must be reachable that way.
class_exists('File_ASN1') or include_once 'ASN1.php';
/*
 * Signature-validation mode flag.
 * NOTE(review): the consumer of this flag is not in this excerpt; presumably
 * it selects validation against the loaded CA store rather than a self-check.
 * Confirm what the 0 vs 1 setting does before depending on it.
 */
define('FILE_X509_VALIDATE_SIGNATURE_BY_CA', 1);

/*
 * Distinguished-name output formats (selector values; the code that honours
 * them is not shown here).
 *
 * Security note: only a canonical/binary form is a sound basis for comparing
 * two DNs. Human-readable string renderings can collide (different attribute
 * types or string encodings can print identically) - do not use them as an
 * identity check for trust decisions.
 */
// DN as a nested PHP array.
define('FILE_X509_DN_ARRAY', 0);
// DN as a single human-readable string.
define('FILE_X509_DN_STRING', 1);
// DN as its ASN.1 (DER) encoding.
define('FILE_X509_DN_ASN1', 2);
// DN in OpenSSL's display layout.
define('FILE_X509_DN_OPENSSL', 3);
// Canonicalised DN form, intended for comparison.
define('FILE_X509_DN_CANON', 4);
// Hashed DN. NOTE(review): the hash construction is defined in code not shown
// here - confirm the algorithm before relying on it for identity comparison.
define('FILE_X509_DN_HASH', 5);

/*
 * Input/output encodings for certificates, CSRs and CRLs.
 */
// Base64 PEM with -----BEGIN/END----- armour.
define('FILE_X509_FORMAT_PEM', 0);
// Raw DER bytes.
define('FILE_X509_FORMAT_DER', 1);
// SignedPublicKeyAndChallenge (SPKAC) blob.
define('FILE_X509_FORMAT_SPKAC', 2);
// Let the loader guess the encoding.
// NOTE(review): when the caller already knows the format of untrusted input,
// pass it explicitly - auto-detection exercises more parser paths than needed.
define('FILE_X509_FORMAT_AUTO_DETECT', 3);

/*
 * Attribute selection/modification modes. They are negative, presumably so
 * that they can never collide with a zero-based attribute index passed to the
 * same parameter - confirm against the attribute accessors.
 */
define('FILE_X509_ATTR_ALL', -1);
define('FILE_X509_ATTR_APPEND', -2);
define('FILE_X509_ATTR_REPLACE', -3);
- 136 class File_X509
- 137 {
// NOTE: every property below is declared with PHP4-style `var`, which is the
// same as `public`. Nothing here is encapsulated: the ASN.1 schemas, the loaded
// key material and the CA trust store can all be overwritten by any code that
// holds a reference to the object.

// ---- ASN.1 schema maps (File_ASN1 mapping arrays), all built in __construct() ----

// Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature BIT STRING }.
var $Certificate;

// DirectoryString CHOICE (teletex / printable / universal / utf8 / bmp).
var $DirectoryString;
// PKCS#9 string: IA5String or DirectoryString.
var $PKCS9String;
// Mapped as ANY, so no type constraint is enforced on attribute values at this layer.
var $AttributeValue;
// SEQUENCE (size 1..) OF Extension { extnId OID, critical DEFAULT FALSE, extnValue OCTET STRING }.
var $Extensions;
// KeyUsage BIT STRING with named bits digitalSignature .. decipherOnly.
var $KeyUsage;
// ExtKeyUsageSyntax ::= SEQUENCE OF KeyPurposeId (OID).
var $ExtKeyUsageSyntax;
// BasicConstraints { cA DEFAULT FALSE, pathLenConstraint OPTIONAL }.
var $BasicConstraints;
// KeyIdentifier ::= OCTET STRING.
var $KeyIdentifier;
// CRLDistributionPoints ::= SEQUENCE OF DistributionPoint.
var $CRLDistributionPoints;
// AuthorityKeyIdentifier { keyIdentifier, authorityCertIssuer, authorityCertSerialNumber } (all optional).
var $AuthorityKeyIdentifier;
// CertificatePolicies ::= SEQUENCE OF PolicyInformation.
var $CertificatePolicies;
// AuthorityInfoAccessSyntax ::= SEQUENCE OF AccessDescription { accessMethod OID, accessLocation GeneralName }.
var $AuthorityInfoAccessSyntax;
// SubjectAltName ::= GeneralNames.
var $SubjectAltName;
// SubjectDirectoryAttributes ::= SEQUENCE OF Attribute.
var $SubjectDirectoryAttributes;
// PrivateKeyUsagePeriod { notBefore, notAfter } as GeneralizedTime.
var $PrivateKeyUsagePeriod;
// IssuerAltName ::= GeneralNames.
var $IssuerAltName;
// PolicyMappings ::= SEQUENCE OF { issuerDomainPolicy, subjectDomainPolicy }.
var $PolicyMappings;
// NameConstraints { permittedSubtrees, excludedSubtrees } of GeneralSubtree.
var $NameConstraints;

// Certificate-policy qualifiers: CPSuri (IA5String) and UserNotice { noticeRef, explicitText }.
var $CPSuri;
var $UserNotice;

// Legacy Netscape extensions: cert-type bit string, free-text comment, CA policy URL.
var $netscape_cert_type;
var $netscape_comment;
var $netscape_ca_policy_url;

// Name ::= CHOICE { rdnSequence }, built from RelativeDistinguishedName SET OF AttributeTypeAndValue.
var $Name;
var $RelativeDistinguishedName;
// CRL / CRL-entry extension schemas.
var $CRLNumber;
var $CRLReason;
var $IssuingDistributionPoint;
var $InvalidityDate;
var $CertificateIssuer;
var $HoldInstructionCode;
// SPKAC: SignedPublicKeyAndChallenge { publicKeyAndChallenge { spki, challenge IA5String }, signatureAlgorithm, signature }.
var $SignedPublicKeyAndChallenge;

// PostalAddress ::= SEQUENCE OF DirectoryString.
var $PostalAddress;

// CertificationRequest (CSR) { certificationRequestInfo, signatureAlgorithm, signature }.
var $CertificationRequest;

// CertificateList (CRL) { tbsCertList, signatureAlgorithm, signature }.
var $CertificateList;

// ---- Per-object state; the methods that read/write these are not in this excerpt ----

// Distinguished name currently being built or inspected.
// NOTE(review): presumably the decoded Name structure - confirm against the DN accessors.
var $dn;

// Public key of the loaded/issued object.
var $publicKey;

// Private key used for signing. Key material lives in a public property for the
// lifetime of the object - keep such instances short-lived and never serialise them.
var $privateKey;

// OID -> symbolic name table populated in __construct(). It is a decoding aid
// only: the presence of md2WithRSAEncryption / md5WithRSAEncryption here does
// not by itself mean those algorithms are accepted for signature verification -
// that decision is made in code not shown here; confirm it rejects them.
var $oids;

// CA certificates loaded as trust anchors.
// NOTE(review): presumably what FILE_X509_VALIDATE_SIGNATURE_BY_CA validates
// against; being public it can be altered by any caller - confirm who writes it.
var $CAs;

// The most recently loaded/parsed object (certificate, CSR or CRL) - presumably; confirm.
var $currentCert;

// NOTE(review): presumably the exact DER bytes the signature covers. For
// verification to be meaningful this must be the bytes as received, not a
// re-encoding - confirm in the loader.
var $signatureSubject;

// Validity window and serial applied when issuing.
// NOTE(review): if this object issues certificates, serial numbers must be
// unique per issuer and contain sufficient unpredictable entropy - confirm how
// a default is generated when none is set.
var $startDate;
var $endDate;
var $serialNumber;

// Key identifier of the current key, presumably used to fill SKI/AKI - confirm.
var $currentKeyIdentifier;

// Defaults to false. NOTE(review): presumably marks the object as a CA when
// issuing (basicConstraints cA) - confirm in the signing method; leave it off
// for end-entity issuance.
var $caFlag = false;

// SPKAC challenge string (see $SignedPublicKeyAndChallenge) - presumably; confirm.
var $challenge;
- 329 function __construct()
- 330 {
- 331 if (!class_exists('Math_BigInteger')) {
- 332 include_once 'Math/BigInteger.php';
- 333 }
- 338 $this->DirectoryString = array(
- 339 'type' => FILE_ASN1_TYPE_CHOICE,
- 340 'children' => array(
- 341 'teletexString' => array('type' => FILE_ASN1_TYPE_TELETEX_STRING),
- 342 'printableString' => array('type' => FILE_ASN1_TYPE_PRINTABLE_STRING),
- 343 'universalString' => array('type' => FILE_ASN1_TYPE_UNIVERSAL_STRING),
- 344 'utf8String' => array('type' => FILE_ASN1_TYPE_UTF8_STRING),
- 345 'bmpString' => array('type' => FILE_ASN1_TYPE_BMP_STRING)
- 346 )
- 347 );
- 348
- 349 $this->PKCS9String = array(
- 350 'type' => FILE_ASN1_TYPE_CHOICE,
- 351 'children' => array(
- 352 'ia5String' => array('type' => FILE_ASN1_TYPE_IA5_STRING),
- 353 'directoryString' => $this->DirectoryString
- 354 )
- 355 );
- 356
- 357 $this->AttributeValue = array('type' => FILE_ASN1_TYPE_ANY);
- 358
- 359 $AttributeType = array('type' => FILE_ASN1_TYPE_OBJECT_IDENTIFIER);
- 360
- 361 $AttributeTypeAndValue = array(
- 362 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 363 'children' => array(
- 364 'type' => $AttributeType,
- 365 'value'=> $this->AttributeValue
- 366 )
- 367 );
- 368
- 376 $this->RelativeDistinguishedName = array(
- 377 'type' => FILE_ASN1_TYPE_SET,
- 378 'min' => 1,
- 379 'max' => -1,
- 380 'children' => $AttributeTypeAndValue
- 381 );
- 382
- 383
- 384 $RDNSequence = array(
- 385 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 386
- 387 'min' => 0,
- 388 'max' => -1,
- 389 'children' => $this->RelativeDistinguishedName
- 390 );
- 391
- 392 $this->Name = array(
- 393 'type' => FILE_ASN1_TYPE_CHOICE,
- 394 'children' => array(
- 395 'rdnSequence' => $RDNSequence
- 396 )
- 397 );
- 398
- 399
- 400 $AlgorithmIdentifier = array(
- 401 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 402 'children' => array(
- 403 'algorithm' => array('type' => FILE_ASN1_TYPE_OBJECT_IDENTIFIER),
- 404 'parameters' => array(
- 405 'type' => FILE_ASN1_TYPE_ANY,
- 406 'optional' => true
- 407 )
- 408 )
- 409 );
- 418 $Extension = array(
- 419 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 420 'children' => array(
- 421 'extnId' => array('type' => FILE_ASN1_TYPE_OBJECT_IDENTIFIER),
- 422 'critical' => array(
- 423 'type' => FILE_ASN1_TYPE_BOOLEAN,
- 424 'optional' => true,
- 425 'default' => false
- 426 ),
- 427 'extnValue' => array('type' => FILE_ASN1_TYPE_OCTET_STRING)
- 428 )
- 429 );
- 430
- 431 $this->Extensions = array(
- 432 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 433 'min' => 1,
- 434
- 435 'max' => -1,
- 436
- 437 'children' => $Extension
- 438 );
- 439
- 440 $SubjectPublicKeyInfo = array(
- 441 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 442 'children' => array(
- 443 'algorithm' => $AlgorithmIdentifier,
- 444 'subjectPublicKey' => array('type' => FILE_ASN1_TYPE_BIT_STRING)
- 445 )
- 446 );
- 447
- 448 $UniqueIdentifier = array('type' => FILE_ASN1_TYPE_BIT_STRING);
- 449
- 450 $Time = array(
- 451 'type' => FILE_ASN1_TYPE_CHOICE,
- 452 'children' => array(
- 453 'utcTime' => array('type' => FILE_ASN1_TYPE_UTC_TIME),
- 454 'generalTime' => array('type' => FILE_ASN1_TYPE_GENERALIZED_TIME)
- 455 )
- 456 );
- 457
- 458
- 459 $Validity = array(
- 460 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 461 'children' => array(
- 462 'notBefore' => $Time,
- 463 'notAfter' => $Time
- 464 )
- 465 );
- 466
- 467 $CertificateSerialNumber = array('type' => FILE_ASN1_TYPE_INTEGER);
- 468
- 469 $Version = array(
- 470 'type' => FILE_ASN1_TYPE_INTEGER,
- 471 'mapping' => array('v1', 'v2', 'v3')
- 472 );
- 473
- 474
- 475 $TBSCertificate = array(
- 476 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 477 'children' => array(
- 478
- 479
- 480 'version' => array(
- 481 'constant' => 0,
- 482 'optional' => true,
- 483 'explicit' => true,
- 484 'default' => 'v1'
- 485 ) + $Version,
- 486 'serialNumber' => $CertificateSerialNumber,
- 487 'signature' => $AlgorithmIdentifier,
- 488 'issuer' => $this->Name,
- 489 'validity' => $Validity,
- 490 'subject' => $this->Name,
- 491 'subjectPublicKeyInfo' => $SubjectPublicKeyInfo,
- 492
- 493 'issuerUniqueID' => array(
- 494 'constant' => 1,
- 495 'optional' => true,
- 496 'implicit' => true
- 497 ) + $UniqueIdentifier,
- 498 'subjectUniqueID' => array(
- 499 'constant' => 2,
- 500 'optional' => true,
- 501 'implicit' => true
- 502 ) + $UniqueIdentifier,
- 503
- 504
- 505 'extensions' => array(
- 506 'constant' => 3,
- 507 'optional' => true,
- 508 'explicit' => true
- 509 ) + $this->Extensions
- 510 )
- 511 );
- 512
- 513 $this->Certificate = array(
- 514 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 515 'children' => array(
- 516 'tbsCertificate' => $TBSCertificate,
- 517 'signatureAlgorithm' => $AlgorithmIdentifier,
- 518 'signature' => array('type' => FILE_ASN1_TYPE_BIT_STRING)
- 519 )
- 520 );
- 521
- 522 $this->KeyUsage = array(
- 523 'type' => FILE_ASN1_TYPE_BIT_STRING,
- 524 'mapping' => array(
- 525 'digitalSignature',
- 526 'nonRepudiation',
- 527 'keyEncipherment',
- 528 'dataEncipherment',
- 529 'keyAgreement',
- 530 'keyCertSign',
- 531 'cRLSign',
- 532 'encipherOnly',
- 533 'decipherOnly'
- 534 )
- 535 );
- 536
- 537 $this->BasicConstraints = array(
- 538 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 539 'children' => array(
- 540 'cA' => array(
- 541 'type' => FILE_ASN1_TYPE_BOOLEAN,
- 542 'optional' => true,
- 543 'default' => false
- 544 ),
- 545 'pathLenConstraint' => array(
- 546 'type' => FILE_ASN1_TYPE_INTEGER,
- 547 'optional' => true
- 548 )
- 549 )
- 550 );
- 551
- 552 $this->KeyIdentifier = array('type' => FILE_ASN1_TYPE_OCTET_STRING);
- 553
- 554 $OrganizationalUnitNames = array(
- 555 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 556 'min' => 1,
- 557 'max' => 4,
- 558 'children' => array('type' => FILE_ASN1_TYPE_PRINTABLE_STRING)
- 559 );
- 560
- 561 $PersonalName = array(
- 562 'type' => FILE_ASN1_TYPE_SET,
- 563 'children' => array(
- 564 'surname' => array(
- 565 'type' => FILE_ASN1_TYPE_PRINTABLE_STRING,
- 566 'constant' => 0,
- 567 'optional' => true,
- 568 'implicit' => true
- 569 ),
- 570 'given-name' => array(
- 571 'type' => FILE_ASN1_TYPE_PRINTABLE_STRING,
- 572 'constant' => 1,
- 573 'optional' => true,
- 574 'implicit' => true
- 575 ),
- 576 'initials' => array(
- 577 'type' => FILE_ASN1_TYPE_PRINTABLE_STRING,
- 578 'constant' => 2,
- 579 'optional' => true,
- 580 'implicit' => true
- 581 ),
- 582 'generation-qualifier' => array(
- 583 'type' => FILE_ASN1_TYPE_PRINTABLE_STRING,
- 584 'constant' => 3,
- 585 'optional' => true,
- 586 'implicit' => true
- 587 )
- 588 )
- 589 );
- 590
- 591 $NumericUserIdentifier = array('type' => FILE_ASN1_TYPE_NUMERIC_STRING);
- 592
- 593 $OrganizationName = array('type' => FILE_ASN1_TYPE_PRINTABLE_STRING);
- 594
- 595 $PrivateDomainName = array(
- 596 'type' => FILE_ASN1_TYPE_CHOICE,
- 597 'children' => array(
- 598 'numeric' => array('type' => FILE_ASN1_TYPE_NUMERIC_STRING),
- 599 'printable' => array('type' => FILE_ASN1_TYPE_PRINTABLE_STRING)
- 600 )
- 601 );
- 602
- 603 $TerminalIdentifier = array('type' => FILE_ASN1_TYPE_PRINTABLE_STRING);
- 604
- 605 $NetworkAddress = array('type' => FILE_ASN1_TYPE_NUMERIC_STRING);
- 606
- 607 $AdministrationDomainName = array(
- 608 'type' => FILE_ASN1_TYPE_CHOICE,
- 609
- 610
- 611 'class' => FILE_ASN1_CLASS_APPLICATION,
- 612 'cast' => 2,
- 613 'children' => array(
- 614 'numeric' => array('type' => FILE_ASN1_TYPE_NUMERIC_STRING),
- 615 'printable' => array('type' => FILE_ASN1_TYPE_PRINTABLE_STRING)
- 616 )
- 617 );
- 618
- 619 $CountryName = array(
- 620 'type' => FILE_ASN1_TYPE_CHOICE,
- 621
- 622
- 623 'class' => FILE_ASN1_CLASS_APPLICATION,
- 624 'cast' => 1,
- 625 'children' => array(
- 626 'x121-dcc-code' => array('type' => FILE_ASN1_TYPE_NUMERIC_STRING),
- 627 'iso-3166-alpha2-code' => array('type' => FILE_ASN1_TYPE_PRINTABLE_STRING)
- 628 )
- 629 );
- 630
- 631 $AnotherName = array(
- 632 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 633 'children' => array(
- 634 'type-id' => array('type' => FILE_ASN1_TYPE_OBJECT_IDENTIFIER),
- 635 'value' => array(
- 636 'type' => FILE_ASN1_TYPE_ANY,
- 637 'constant' => 0,
- 638 'optional' => true,
- 639 'explicit' => true
- 640 )
- 641 )
- 642 );
- 643
- 644 $ExtensionAttribute = array(
- 645 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 646 'children' => array(
- 647 'extension-attribute-type' => array(
- 648 'type' => FILE_ASN1_TYPE_PRINTABLE_STRING,
- 649 'constant' => 0,
- 650 'optional' => true,
- 651 'implicit' => true
- 652 ),
- 653 'extension-attribute-value' => array(
- 654 'type' => FILE_ASN1_TYPE_ANY,
- 655 'constant' => 1,
- 656 'optional' => true,
- 657 'explicit' => true
- 658 )
- 659 )
- 660 );
- 661
- 662 $ExtensionAttributes = array(
- 663 'type' => FILE_ASN1_TYPE_SET,
- 664 'min' => 1,
- 665 'max' => 256,
- 666 'children' => $ExtensionAttribute
- 667 );
- 668
- 669 $BuiltInDomainDefinedAttribute = array(
- 670 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 671 'children' => array(
- 672 'type' => array('type' => FILE_ASN1_TYPE_PRINTABLE_STRING),
- 673 'value' => array('type' => FILE_ASN1_TYPE_PRINTABLE_STRING)
- 674 )
- 675 );
- 676
- 677 $BuiltInDomainDefinedAttributes = array(
- 678 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 679 'min' => 1,
- 680 'max' => 4,
- 681 'children' => $BuiltInDomainDefinedAttribute
- 682 );
- 683
- 684 $BuiltInStandardAttributes = array(
- 685 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 686 'children' => array(
- 687 'country-name' => array('optional' => true) + $CountryName,
- 688 'administration-domain-name' => array('optional' => true) + $AdministrationDomainName,
- 689 'network-address' => array(
- 690 'constant' => 0,
- 691 'optional' => true,
- 692 'implicit' => true
- 693 ) + $NetworkAddress,
- 694 'terminal-identifier' => array(
- 695 'constant' => 1,
- 696 'optional' => true,
- 697 'implicit' => true
- 698 ) + $TerminalIdentifier,
- 699 'private-domain-name' => array(
- 700 'constant' => 2,
- 701 'optional' => true,
- 702 'explicit' => true
- 703 ) + $PrivateDomainName,
- 704 'organization-name' => array(
- 705 'constant' => 3,
- 706 'optional' => true,
- 707 'implicit' => true
- 708 ) + $OrganizationName,
- 709 'numeric-user-identifier' => array(
- 710 'constant' => 4,
- 711 'optional' => true,
- 712 'implicit' => true
- 713 ) + $NumericUserIdentifier,
- 714 'personal-name' => array(
- 715 'constant' => 5,
- 716 'optional' => true,
- 717 'implicit' => true
- 718 ) + $PersonalName,
- 719 'organizational-unit-names' => array(
- 720 'constant' => 6,
- 721 'optional' => true,
- 722 'implicit' => true
- 723 ) + $OrganizationalUnitNames
- 724 )
- 725 );
- 726
- 727 $ORAddress = array(
- 728 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 729 'children' => array(
- 730 'built-in-standard-attributes' => $BuiltInStandardAttributes,
- 731 'built-in-domain-defined-attributes' => array('optional' => true) + $BuiltInDomainDefinedAttributes,
- 732 'extension-attributes' => array('optional' => true) + $ExtensionAttributes
- 733 )
- 734 );
- 735
- 736 $EDIPartyName = array(
- 737 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 738 'children' => array(
- 739 'nameAssigner' => array(
- 740 'constant' => 0,
- 741 'optional' => true,
- 742 'implicit' => true
- 743 ) + $this->DirectoryString,
- 744
- 745
- 746 'partyName' => array(
- 747 'constant' => 1,
- 748 'optional' => true,
- 749 'implicit' => true
- 750 ) + $this->DirectoryString
- 751 )
- 752 );
- 753
- 754 $GeneralName = array(
- 755 'type' => FILE_ASN1_TYPE_CHOICE,
- 756 'children' => array(
- 757 'otherName' => array(
- 758 'constant' => 0,
- 759 'optional' => true,
- 760 'implicit' => true
- 761 ) + $AnotherName,
- 762 'rfc822Name' => array(
- 763 'type' => FILE_ASN1_TYPE_IA5_STRING,
- 764 'constant' => 1,
- 765 'optional' => true,
- 766 'implicit' => true
- 767 ),
- 768 'dNSName' => array(
- 769 'type' => FILE_ASN1_TYPE_IA5_STRING,
- 770 'constant' => 2,
- 771 'optional' => true,
- 772 'implicit' => true
- 773 ),
- 774 'x400Address' => array(
- 775 'constant' => 3,
- 776 'optional' => true,
- 777 'implicit' => true
- 778 ) + $ORAddress,
- 779 'directoryName' => array(
- 780 'constant' => 4,
- 781 'optional' => true,
- 782 'explicit' => true
- 783 ) + $this->Name,
- 784 'ediPartyName' => array(
- 785 'constant' => 5,
- 786 'optional' => true,
- 787 'implicit' => true
- 788 ) + $EDIPartyName,
- 789 'uniformResourceIdentifier' => array(
- 790 'type' => FILE_ASN1_TYPE_IA5_STRING,
- 791 'constant' => 6,
- 792 'optional' => true,
- 793 'implicit' => true
- 794 ),
- 795 'iPAddress' => array(
- 796 'type' => FILE_ASN1_TYPE_OCTET_STRING,
- 797 'constant' => 7,
- 798 'optional' => true,
- 799 'implicit' => true
- 800 ),
- 801 'registeredID' => array(
- 802 'type' => FILE_ASN1_TYPE_OBJECT_IDENTIFIER,
- 803 'constant' => 8,
- 804 'optional' => true,
- 805 'implicit' => true
- 806 )
- 807 )
- 808 );
- 809
- 810 $GeneralNames = array(
- 811 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 812 'min' => 1,
- 813 'max' => -1,
- 814 'children' => $GeneralName
- 815 );
- 816
- 817 $this->IssuerAltName = $GeneralNames;
- 818
- 819 $ReasonFlags = array(
- 820 'type' => FILE_ASN1_TYPE_BIT_STRING,
- 821 'mapping' => array(
- 822 'unused',
- 823 'keyCompromise',
- 824 'cACompromise',
- 825 'affiliationChanged',
- 826 'superseded',
- 827 'cessationOfOperation',
- 828 'certificateHold',
- 829 'privilegeWithdrawn',
- 830 'aACompromise'
- 831 )
- 832 );
- 833
- 834 $DistributionPointName = array(
- 835 'type' => FILE_ASN1_TYPE_CHOICE,
- 836 'children' => array(
- 837 'fullName' => array(
- 838 'constant' => 0,
- 839 'optional' => true,
- 840 'implicit' => true
- 841 ) + $GeneralNames,
- 842 'nameRelativeToCRLIssuer' => array(
- 843 'constant' => 1,
- 844 'optional' => true,
- 845 'implicit' => true
- 846 ) + $this->RelativeDistinguishedName
- 847 )
- 848 );
- 849
- 850 $DistributionPoint = array(
- 851 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 852 'children' => array(
- 853 'distributionPoint' => array(
- 854 'constant' => 0,
- 855 'optional' => true,
- 856 'explicit' => true
- 857 ) + $DistributionPointName,
- 858 'reasons' => array(
- 859 'constant' => 1,
- 860 'optional' => true,
- 861 'implicit' => true
- 862 ) + $ReasonFlags,
- 863 'cRLIssuer' => array(
- 864 'constant' => 2,
- 865 'optional' => true,
- 866 'implicit' => true
- 867 ) + $GeneralNames
- 868 )
- 869 );
- 870
- 871 $this->CRLDistributionPoints = array(
- 872 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 873 'min' => 1,
- 874 'max' => -1,
- 875 'children' => $DistributionPoint
- 876 );
- 877
- 878 $this->AuthorityKeyIdentifier = array(
- 879 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 880 'children' => array(
- 881 'keyIdentifier' => array(
- 882 'constant' => 0,
- 883 'optional' => true,
- 884 'implicit' => true
- 885 ) + $this->KeyIdentifier,
- 886 'authorityCertIssuer' => array(
- 887 'constant' => 1,
- 888 'optional' => true,
- 889 'implicit' => true
- 890 ) + $GeneralNames,
- 891 'authorityCertSerialNumber' => array(
- 892 'constant' => 2,
- 893 'optional' => true,
- 894 'implicit' => true
- 895 ) + $CertificateSerialNumber
- 896 )
- 897 );
- 898
- 899 $PolicyQualifierId = array('type' => FILE_ASN1_TYPE_OBJECT_IDENTIFIER);
- 900
- 901 $PolicyQualifierInfo = array(
- 902 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 903 'children' => array(
- 904 'policyQualifierId' => $PolicyQualifierId,
- 905 'qualifier' => array('type' => FILE_ASN1_TYPE_ANY)
- 906 )
- 907 );
- 908
- 909 $CertPolicyId = array('type' => FILE_ASN1_TYPE_OBJECT_IDENTIFIER);
- 910
- 911 $PolicyInformation = array(
- 912 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 913 'children' => array(
- 914 'policyIdentifier' => $CertPolicyId,
- 915 'policyQualifiers' => array(
- 916 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 917 'min' => 0,
- 918 'max' => -1,
- 919 'optional' => true,
- 920 'children' => $PolicyQualifierInfo
- 921 )
- 922 )
- 923 );
- 924
- 925 $this->CertificatePolicies = array(
- 926 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 927 'min' => 1,
- 928 'max' => -1,
- 929 'children' => $PolicyInformation
- 930 );
- 931
- 932 $this->PolicyMappings = array(
- 933 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 934 'min' => 1,
- 935 'max' => -1,
- 936 'children' => array(
- 937 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 938 'children' => array(
- 939 'issuerDomainPolicy' => $CertPolicyId,
- 940 'subjectDomainPolicy' => $CertPolicyId
- 941 )
- 942 )
- 943 );
- 944
- 945 $KeyPurposeId = array('type' => FILE_ASN1_TYPE_OBJECT_IDENTIFIER);
- 946
- 947 $this->ExtKeyUsageSyntax = array(
- 948 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 949 'min' => 1,
- 950 'max' => -1,
- 951 'children' => $KeyPurposeId
- 952 );
- 953
- 954 $AccessDescription = array(
- 955 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 956 'children' => array(
- 957 'accessMethod' => array('type' => FILE_ASN1_TYPE_OBJECT_IDENTIFIER),
- 958 'accessLocation' => $GeneralName
- 959 )
- 960 );
- 961
- 962 $this->AuthorityInfoAccessSyntax = array(
- 963 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 964 'min' => 1,
- 965 'max' => -1,
- 966 'children' => $AccessDescription
- 967 );
- 968
- 969 $this->SubjectAltName = $GeneralNames;
- 970
- 971 $this->PrivateKeyUsagePeriod = array(
- 972 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 973 'children' => array(
- 974 'notBefore' => array(
- 975 'constant' => 0,
- 976 'optional' => true,
- 977 'implicit' => true,
- 978 'type' => FILE_ASN1_TYPE_GENERALIZED_TIME),
- 979 'notAfter' => array(
- 980 'constant' => 1,
- 981 'optional' => true,
- 982 'implicit' => true,
- 983 'type' => FILE_ASN1_TYPE_GENERALIZED_TIME)
- 984 )
- 985 );
- 986
- 987 $BaseDistance = array('type' => FILE_ASN1_TYPE_INTEGER);
- 988
- 989 $GeneralSubtree = array(
- 990 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 991 'children' => array(
- 992 'base' => $GeneralName,
- 993 'minimum' => array(
- 994 'constant' => 0,
- 995 'optional' => true,
- 996 'implicit' => true,
- 997 'default' => new Math_BigInteger(0)
- 998 ) + $BaseDistance,
- 999 'maximum' => array(
- 1000 'constant' => 1,
- 1001 'optional' => true,
- 1002 'implicit' => true,
- 1003 ) + $BaseDistance
- 1004 )
- 1005 );
- 1006
- 1007 $GeneralSubtrees = array(
- 1008 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 1009 'min' => 1,
- 1010 'max' => -1,
- 1011 'children' => $GeneralSubtree
- 1012 );
- 1013
- 1014 $this->NameConstraints = array(
- 1015 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 1016 'children' => array(
- 1017 'permittedSubtrees' => array(
- 1018 'constant' => 0,
- 1019 'optional' => true,
- 1020 'implicit' => true
- 1021 ) + $GeneralSubtrees,
- 1022 'excludedSubtrees' => array(
- 1023 'constant' => 1,
- 1024 'optional' => true,
- 1025 'implicit' => true
- 1026 ) + $GeneralSubtrees
- 1027 )
- 1028 );
- 1029
- 1030 $this->CPSuri = array('type' => FILE_ASN1_TYPE_IA5_STRING);
- 1031
- 1032 $DisplayText = array(
- 1033 'type' => FILE_ASN1_TYPE_CHOICE,
- 1034 'children' => array(
- 1035 'ia5String' => array('type' => FILE_ASN1_TYPE_IA5_STRING),
- 1036 'visibleString' => array('type' => FILE_ASN1_TYPE_VISIBLE_STRING),
- 1037 'bmpString' => array('type' => FILE_ASN1_TYPE_BMP_STRING),
- 1038 'utf8String' => array('type' => FILE_ASN1_TYPE_UTF8_STRING)
- 1039 )
- 1040 );
- 1041
- 1042 $NoticeReference = array(
- 1043 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 1044 'children' => array(
- 1045 'organization' => $DisplayText,
- 1046 'noticeNumbers' => array(
- 1047 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 1048 'min' => 1,
- 1049 'max' => 200,
- 1050 'children' => array('type' => FILE_ASN1_TYPE_INTEGER)
- 1051 )
- 1052 )
- 1053 );
- 1054
- 1055 $this->UserNotice = array(
- 1056 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 1057 'children' => array(
- 1058 'noticeRef' => array(
- 1059 'optional' => true,
- 1060 'implicit' => true
- 1061 ) + $NoticeReference,
- 1062 'explicitText' => array(
- 1063 'optional' => true,
- 1064 'implicit' => true
- 1065 ) + $DisplayText
- 1066 )
- 1067 );
- 1068
- 1069
- 1070 $this->netscape_cert_type = array(
- 1071 'type' => FILE_ASN1_TYPE_BIT_STRING,
- 1072 'mapping' => array(
- 1073 'SSLClient',
- 1074 'SSLServer',
- 1075 'Email',
- 1076 'ObjectSigning',
- 1077 'Reserved',
- 1078 'SSLCA',
- 1079 'EmailCA',
- 1080 'ObjectSigningCA'
- 1081 )
- 1082 );
- 1083
- 1084 $this->netscape_comment = array('type' => FILE_ASN1_TYPE_IA5_STRING);
- 1085 $this->netscape_ca_policy_url = array('type' => FILE_ASN1_TYPE_IA5_STRING);
- 1086
- 1087
- 1088
- 1089 $Attribute = array(
- 1090 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 1091 'children' => array(
- 1092 'type' => $AttributeType,
- 1093 'value'=> array(
- 1094 'type' => FILE_ASN1_TYPE_SET,
- 1095 'min' => 1,
- 1096 'max' => -1,
- 1097 'children' => $this->AttributeValue
- 1098 )
- 1099 )
- 1100 );
- 1101
- 1102 $this->SubjectDirectoryAttributes = array(
- 1103 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 1104 'min' => 1,
- 1105 'max' => -1,
- 1106 'children' => $Attribute
- 1107 );
- 1108
- 1109
- 1110
- 1111 $Attributes = array(
- 1112 'type' => FILE_ASN1_TYPE_SET,
- 1113 'min' => 1,
- 1114 'max' => -1,
- 1115 'children' => $Attribute
- 1116 );
- 1117
- 1118 $CertificationRequestInfo = array(
- 1119 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 1120 'children' => array(
- 1121 'version' => array(
- 1122 'type' => FILE_ASN1_TYPE_INTEGER,
- 1123 'mapping' => array('v1')
- 1124 ),
- 1125 'subject' => $this->Name,
- 1126 'subjectPKInfo' => $SubjectPublicKeyInfo,
- 1127 'attributes' => array(
- 1128 'constant' => 0,
- 1129 'optional' => true,
- 1130 'implicit' => true
- 1131 ) + $Attributes,
- 1132 )
- 1133 );
- 1134
- 1135 $this->CertificationRequest = array(
- 1136 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 1137 'children' => array(
- 1138 'certificationRequestInfo' => $CertificationRequestInfo,
- 1139 'signatureAlgorithm' => $AlgorithmIdentifier,
- 1140 'signature' => array('type' => FILE_ASN1_TYPE_BIT_STRING)
- 1141 )
- 1142 );
- 1143
- 1144 $RevokedCertificate = array(
- 1145 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 1146 'children' => array(
- 1147 'userCertificate' => $CertificateSerialNumber,
- 1148 'revocationDate' => $Time,
- 1149 'crlEntryExtensions' => array(
- 1150 'optional' => true
- 1151 ) + $this->Extensions
- 1152 )
- 1153 );
- 1154
- 1155 $TBSCertList = array(
- 1156 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 1157 'children' => array(
- 1158 'version' => array(
- 1159 'optional' => true,
- 1160 'default' => 'v1'
- 1161 ) + $Version,
- 1162 'signature' => $AlgorithmIdentifier,
- 1163 'issuer' => $this->Name,
- 1164 'thisUpdate' => $Time,
- 1165 'nextUpdate' => array(
- 1166 'optional' => true
- 1167 ) + $Time,
- 1168 'revokedCertificates' => array(
- 1169 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 1170 'optional' => true,
- 1171 'min' => 0,
- 1172 'max' => -1,
- 1173 'children' => $RevokedCertificate
- 1174 ),
- 1175 'crlExtensions' => array(
- 1176 'constant' => 0,
- 1177 'optional' => true,
- 1178 'explicit' => true
- 1179 ) + $this->Extensions
- 1180 )
- 1181 );
- 1182
- 1183 $this->CertificateList = array(
- 1184 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 1185 'children' => array(
- 1186 'tbsCertList' => $TBSCertList,
- 1187 'signatureAlgorithm' => $AlgorithmIdentifier,
- 1188 'signature' => array('type' => FILE_ASN1_TYPE_BIT_STRING)
- 1189 )
- 1190 );
- 1191
- 1192 $this->CRLNumber = array('type' => FILE_ASN1_TYPE_INTEGER);
- 1193
- 1194 $this->CRLReason = array('type' => FILE_ASN1_TYPE_ENUMERATED,
- 1195 'mapping' => array(
- 1196 'unspecified',
- 1197 'keyCompromise',
- 1198 'cACompromise',
- 1199 'affiliationChanged',
- 1200 'superseded',
- 1201 'cessationOfOperation',
- 1202 'certificateHold',
- 1203
- 1204 8 => 'removeFromCRL',
- 1205 'privilegeWithdrawn',
- 1206 'aACompromise'
- 1207 )
- 1208 );
- 1209
- 1210 $this->IssuingDistributionPoint = array('type' => FILE_ASN1_TYPE_SEQUENCE,
- 1211 'children' => array(
- 1212 'distributionPoint' => array(
- 1213 'constant' => 0,
- 1214 'optional' => true,
- 1215 'explicit' => true
- 1216 ) + $DistributionPointName,
- 1217 'onlyContainsUserCerts' => array(
- 1218 'type' => FILE_ASN1_TYPE_BOOLEAN,
- 1219 'constant' => 1,
- 1220 'optional' => true,
- 1221 'default' => false,
- 1222 'implicit' => true
- 1223 ),
- 1224 'onlyContainsCACerts' => array(
- 1225 'type' => FILE_ASN1_TYPE_BOOLEAN,
- 1226 'constant' => 2,
- 1227 'optional' => true,
- 1228 'default' => false,
- 1229 'implicit' => true
- 1230 ),
- 1231 'onlySomeReasons' => array(
- 1232 'constant' => 3,
- 1233 'optional' => true,
- 1234 'implicit' => true
- 1235 ) + $ReasonFlags,
- 1236 'indirectCRL' => array(
- 1237 'type' => FILE_ASN1_TYPE_BOOLEAN,
- 1238 'constant' => 4,
- 1239 'optional' => true,
- 1240 'default' => false,
- 1241 'implicit' => true
- 1242 ),
- 1243 'onlyContainsAttributeCerts' => array(
- 1244 'type' => FILE_ASN1_TYPE_BOOLEAN,
- 1245 'constant' => 5,
- 1246 'optional' => true,
- 1247 'default' => false,
- 1248 'implicit' => true
- 1249 )
- 1250 )
- 1251 );
- 1252
- 1253 $this->InvalidityDate = array('type' => FILE_ASN1_TYPE_GENERALIZED_TIME);
- 1254
- 1255 $this->CertificateIssuer = $GeneralNames;
- 1256
- 1257 $this->HoldInstructionCode = array('type' => FILE_ASN1_TYPE_OBJECT_IDENTIFIER);
- 1258
- 1259 $PublicKeyAndChallenge = array(
- 1260 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 1261 'children' => array(
- 1262 'spki' => $SubjectPublicKeyInfo,
- 1263 'challenge' => array('type' => FILE_ASN1_TYPE_IA5_STRING)
- 1264 )
- 1265 );
- 1266
- 1267 $this->SignedPublicKeyAndChallenge = array(
- 1268 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 1269 'children' => array(
- 1270 'publicKeyAndChallenge' => $PublicKeyAndChallenge,
- 1271 'signatureAlgorithm' => $AlgorithmIdentifier,
- 1272 'signature' => array('type' => FILE_ASN1_TYPE_BIT_STRING)
- 1273 )
- 1274 );
- 1275
- 1276 $this->PostalAddress = array(
- 1277 'type' => FILE_ASN1_TYPE_SEQUENCE,
- 1278 'optional' => true,
- 1279 'min' => 1,
- 1280 'max' => -1,
- 1281 'children' => $this->DirectoryString
- 1282 );
- 1283
- 1284
- 1285 $this->oids = array(
- 1286 '1.3.6.1.5.5.7' => 'id-pkix',
- 1287 '1.3.6.1.5.5.7.1' => 'id-pe',
- 1288 '1.3.6.1.5.5.7.2' => 'id-qt',
- 1289 '1.3.6.1.5.5.7.3' => 'id-kp',
- 1290 '1.3.6.1.5.5.7.48' => 'id-ad',
- 1291 '1.3.6.1.5.5.7.2.1' => 'id-qt-cps',
- 1292 '1.3.6.1.5.5.7.2.2' => 'id-qt-unotice',
- 1293 '1.3.6.1.5.5.7.48.1' =>'id-ad-ocsp',
- 1294 '1.3.6.1.5.5.7.48.2' => 'id-ad-caIssuers',
- 1295 '1.3.6.1.5.5.7.48.3' => 'id-ad-timeStamping',
- 1296 '1.3.6.1.5.5.7.48.5' => 'id-ad-caRepository',
- 1297 '2.5.4' => 'id-at',
- 1298 '2.5.4.41' => 'id-at-name',
- 1299 '2.5.4.4' => 'id-at-surname',
- 1300 '2.5.4.42' => 'id-at-givenName',
- 1301 '2.5.4.43' => 'id-at-initials',
- 1302 '2.5.4.44' => 'id-at-generationQualifier',
- 1303 '2.5.4.3' => 'id-at-commonName',
- 1304 '2.5.4.7' => 'id-at-localityName',
- 1305 '2.5.4.8' => 'id-at-stateOrProvinceName',
- 1306 '2.5.4.10' => 'id-at-organizationName',
- 1307 '2.5.4.11' => 'id-at-organizationalUnitName',
- 1308 '2.5.4.12' => 'id-at-title',
- 1309 '2.5.4.13' => 'id-at-description',
- 1310 '2.5.4.46' => 'id-at-dnQualifier',
- 1311 '2.5.4.6' => 'id-at-countryName',
- 1312 '2.5.4.5' => 'id-at-serialNumber',
- 1313 '2.5.4.65' => 'id-at-pseudonym',
- 1314 '2.5.4.17' => 'id-at-postalCode',
- 1315 '2.5.4.9' => 'id-at-streetAddress',
- 1316 '2.5.4.45' => 'id-at-uniqueIdentifier',
- 1317 '2.5.4.72' => 'id-at-role',
- 1318 '2.5.4.16' => 'id-at-postalAddress',
- 1319
- 1320 '0.9.2342.19200300.100.1.25' => 'id-domainComponent',
- 1321 '1.2.840.113549.1.9' => 'pkcs-9',
- 1322 '1.2.840.113549.1.9.1' => 'pkcs-9-at-emailAddress',
- 1323 '2.5.29' => 'id-ce',
- 1324 '2.5.29.35' => 'id-ce-authorityKeyIdentifier',
- 1325 '2.5.29.14' => 'id-ce-subjectKeyIdentifier',
- 1326 '2.5.29.15' => 'id-ce-keyUsage',
- 1327 '2.5.29.16' => 'id-ce-privateKeyUsagePeriod',
- 1328 '2.5.29.32' => 'id-ce-certificatePolicies',
- 1329 '2.5.29.32.0' => 'anyPolicy',
- 1330
- 1331 '2.5.29.33' => 'id-ce-policyMappings',
- 1332 '2.5.29.17' => 'id-ce-subjectAltName',
- 1333 '2.5.29.18' => 'id-ce-issuerAltName',
- 1334 '2.5.29.9' => 'id-ce-subjectDirectoryAttributes',
- 1335 '2.5.29.19' => 'id-ce-basicConstraints',
- 1336 '2.5.29.30' => 'id-ce-nameConstraints',
- 1337 '2.5.29.36' => 'id-ce-policyConstraints',
- 1338 '2.5.29.31' => 'id-ce-cRLDistributionPoints',
- 1339 '2.5.29.37' => 'id-ce-extKeyUsage',
- 1340 '2.5.29.37.0' => 'anyExtendedKeyUsage',
- 1341 '1.3.6.1.5.5.7.3.1' => 'id-kp-serverAuth',
- 1342 '1.3.6.1.5.5.7.3.2' => 'id-kp-clientAuth',
- 1343 '1.3.6.1.5.5.7.3.3' => 'id-kp-codeSigning',
- 1344 '1.3.6.1.5.5.7.3.4' => 'id-kp-emailProtection',
- 1345 '1.3.6.1.5.5.7.3.8' => 'id-kp-timeStamping',
- 1346 '1.3.6.1.5.5.7.3.9' => 'id-kp-OCSPSigning',
- 1347 '2.5.29.54' => 'id-ce-inhibitAnyPolicy',
- 1348 '2.5.29.46' => 'id-ce-freshestCRL',
- 1349 '1.3.6.1.5.5.7.1.1' => 'id-pe-authorityInfoAccess',
- 1350 '1.3.6.1.5.5.7.1.11' => 'id-pe-subjectInfoAccess',
- 1351 '2.5.29.20' => 'id-ce-cRLNumber',
- 1352 '2.5.29.28' => 'id-ce-issuingDistributionPoint',
- 1353 '2.5.29.27' => 'id-ce-deltaCRLIndicator',
- 1354 '2.5.29.21' => 'id-ce-cRLReasons',
- 1355 '2.5.29.29' => 'id-ce-certificateIssuer',
- 1356 '2.5.29.23' => 'id-ce-holdInstructionCode',
- 1357 '1.2.840.10040.2' => 'holdInstruction',
- 1358 '1.2.840.10040.2.1' => 'id-holdinstruction-none',
- 1359 '1.2.840.10040.2.2' => 'id-holdinstruction-callissuer',
- 1360 '1.2.840.10040.2.3' => 'id-holdinstruction-reject',
- 1361 '2.5.29.24' => 'id-ce-invalidityDate',
- 1362
- 1363 '1.2.840.113549.2.2' => 'md2',
- 1364 '1.2.840.113549.2.5' => 'md5',
- 1365 '1.3.14.3.2.26' => 'id-sha1',
- 1366 '1.2.840.10040.4.1' => 'id-dsa',
- 1367 '1.2.840.10040.4.3' => 'id-dsa-with-sha1',
- 1368 '1.2.840.113549.1.1' => 'pkcs-1',
- 1369 '1.2.840.113549.1.1.1' => 'rsaEncryption',
- 1370 '1.2.840.113549.1.1.2' => 'md2WithRSAEncryption',
- 1371 '1.2.840.113549.1.1.4' => 'md5WithRSAEncryption',
- 1372 '1.2.840.113549.1.1.5' => 'sha1WithRSAEncryption',
- 1373 '1.2.840.10046.2.1' => 'dhpublicnumber',
- 1374 '2.16.840.1.101.2.1.1.22' => 'id-keyExchangeAlgorithm',
- 1375 '1.2.840.10045' => 'ansi-X9-62',
- 1376 '1.2.840.10045.4' => 'id-ecSigType',
- 1377 '1.2.840.10045.4.1' => 'ecdsa-with-SHA1',
- 1378 '1.2.840.10045.1' => 'id-fieldType',
- 1379 '1.2.840.10045.1.1' => 'prime-field',
- 1380 '1.2.840.10045.1.2' => 'characteristic-two-field',
- 1381 '1.2.840.10045.1.2.3' => 'id-characteristic-two-basis',
- 1382 '1.2.840.10045.1.2.3.1' => 'gnBasis',
- 1383 '1.2.840.10045.1.2.3.2' => 'tpBasis',
- 1384 '1.2.840.10045.1.2.3.3' => 'ppBasis',
- 1385 '1.2.840.10045.2' => 'id-publicKeyType',
- 1386 '1.2.840.10045.2.1' => 'id-ecPublicKey',
- 1387 '1.2.840.10045.3' => 'ellipticCurve',
- 1388 '1.2.840.10045.3.0' => 'c-TwoCurve',
- 1389 '1.2.840.10045.3.0.1' => 'c2pnb163v1',
- 1390 '1.2.840.10045.3.0.2' => 'c2pnb163v2',
- 1391 '1.2.840.10045.3.0.3' => 'c2pnb163v3',
- 1392 '1.2.840.10045.3.0.4' => 'c2pnb176w1',
- 1393 '1.2.840.10045.3.0.5' => 'c2pnb191v1',
- 1394 '1.2.840.10045.3.0.6' => 'c2pnb191v2',
- 1395 '1.2.840.10045.3.0.7' => 'c2pnb191v3',
- 1396 '1.2.840.10045.3.0.8' => 'c2pnb191v4',
- 1397 '1.2.840.10045.3.0.9' => 'c2pnb191v5',
- 1398 '1.2.840.10045.3.0.10' => 'c2pnb208w1',
- 1399 '1.2.840.10045.3.0.11' => 'c2pnb239v1',
- 1400 '1.2.840.10045.3.0.12' => 'c2pnb239v2',
- 1401 '1.2.840.10045.3.0.13' => 'c2pnb239v3',
- 1402 '1.2.840.10045.3.0.14' => 'c2pnb239v4',
- 1403 '1.2.840.10045.3.0.15' => 'c2pnb239v5',
- 1404 '1.2.840.10045.3.0.16' => 'c2pnb272w1',
- 1405 '1.2.840.10045.3.0.17' => 'c2pnb304w1',
- 1406 '1.2.840.10045.3.0.18' => 'c2pnb359v1',
- 1407 '1.2.840.10045.3.0.19' => 'c2pnb368w1',
- 1408 '1.2.840.10045.3.0.20' => 'c2pnb431r1',
- 1409 '1.2.840.10045.3.1' => 'primeCurve',
- 1410 '1.2.840.10045.3.1.1' => 'prime192v1',
- 1411 '1.2.840.10045.3.1.2' => 'prime192v2',
- 1412 '1.2.840.10045.3.1.3' => 'prime192v3',
- 1413 '1.2.840.10045.3.1.4' => 'prime239v1',
- 1414 '1.2.840.10045.3.1.5' => 'prime239v2',
- 1415 '1.2.840.10045.3.1.6' => 'prime239v3',
- 1416 '1.2.840.10045.3.1.7' => 'prime256v1',
- 1417 '1.2.840.113549.1.1.7' => 'id-RSAES-OAEP',
- 1418 '1.2.840.113549.1.1.9' => 'id-pSpecified',
- 1419 '1.2.840.113549.1.1.10' => 'id-RSASSA-PSS',
- 1420 '1.2.840.113549.1.1.8' => 'id-mgf1',
- 1421 '1.2.840.113549.1.1.14' => 'sha224WithRSAEncryption',
- 1422 '1.2.840.113549.1.1.11' => 'sha256WithRSAEncryption',
- 1423 '1.2.840.113549.1.1.12' => 'sha384WithRSAEncryption',
- 1424 '1.2.840.113549.1.1.13' => 'sha512WithRSAEncryption',
- 1425 '2.16.840.1.101.3.4.2.4' => 'id-sha224',
- 1426 '2.16.840.1.101.3.4.2.1' => 'id-sha256',
- 1427 '2.16.840.1.101.3.4.2.2' => 'id-sha384',
- 1428 '2.16.840.1.101.3.4.2.3' => 'id-sha512',
- 1429 '1.2.643.2.2.4' => 'id-GostR3411-94-with-GostR3410-94',
- 1430 '1.2.643.2.2.3' => 'id-GostR3411-94-with-GostR3410-2001',
- 1431 '1.2.643.2.2.20' => 'id-GostR3410-2001',
- 1432 '1.2.643.2.2.19' => 'id-GostR3410-94',
- 1433
- 1434 '2.16.840.1.113730' => 'netscape',
- 1435 '2.16.840.1.113730.1' => 'netscape-cert-extension',
- 1436 '2.16.840.1.113730.1.1' => 'netscape-cert-type',
- 1437 '2.16.840.1.113730.1.13' => 'netscape-comment',
- 1438 '2.16.840.1.113730.1.8' => 'netscape-ca-policy-url',
- 1439
- 1440 '1.3.6.1.5.5.7.1.12' => 'id-pe-logotype',
- 1441 '1.2.840.113533.7.65.0' => 'entrustVersInfo',
- 1442 '2.16.840.1.113733.1.6.9' => 'verisignPrivate',
- 1443
- 1444
- 1445 '1.2.840.113549.1.9.2' => 'pkcs-9-at-unstructuredName',
- 1446 '1.2.840.113549.1.9.7' => 'pkcs-9-at-challengePassword',
- 1447 '1.2.840.113549.1.9.14' => 'pkcs-9-at-extensionRequest'
- 1448 );
- 1449 }
- 1450
- 1451
- 1452
- 1453
- 1454
- 1455
- 1456
- 1457 function File_X509()
- 1458 {
- 1459 $this->__construct();
- 1460 }
- 1461
- 1462
- 1463
- 1464
- 1465
- 1466
- 1467
- 1468
- 1469
- 1470
- 1471
- 1472 function loadX509($cert, $mode = FILE_X509_FORMAT_AUTO_DETECT)
- 1473 {
- 1474 if (is_array($cert) && isset($cert['tbsCertificate'])) {
- 1475 unset($this->currentCert);
- 1476 unset($this->currentKeyIdentifier);
- 1477 $this->dn = $cert['tbsCertificate']['subject'];
- 1478 if (!isset($this->dn)) {
- 1479 return false;
- 1480 }
- 1481 $this->currentCert = $cert;
- 1482
- 1483 $currentKeyIdentifier = $this->getExtension('id-ce-subjectKeyIdentifier');
- 1484 $this->currentKeyIdentifier = is_string($currentKeyIdentifier) ? $currentKeyIdentifier : null;
- 1485
- 1486 unset($this->signatureSubject);
- 1487
- 1488 return $cert;
- 1489 }
- 1490
- 1491 $asn1 = new File_ASN1();
- 1492
- 1493 if ($mode != FILE_X509_FORMAT_DER) {
- 1494 $newcert = $this->_extractBER($cert);
- 1495 if ($mode == FILE_X509_FORMAT_PEM && $cert == $newcert) {
- 1496 return false;
- 1497 }
- 1498 $cert = $newcert;
- 1499 }
- 1500
- 1501 if ($cert === false) {
- 1502 $this->currentCert = false;
- 1503 return false;
- 1504 }
- 1505
- 1506 $asn1->loadOIDs($this->oids);
- 1507 $decoded = $asn1->decodeBER($cert);
- 1508
- 1509 if (!empty($decoded)) {
- 1510 $x509 = $asn1->asn1map($decoded[0], $this->Certificate);
- 1511 }
- 1512 if (!isset($x509) || $x509 === false) {
- 1513 $this->currentCert = false;
- 1514 return false;
- 1515 }
- 1516
- 1517 $this->signatureSubject = substr($cert, $decoded[0]['content'][0]['start'], $decoded[0]['content'][0]['length']);
- 1518
- 1519 if ($this->_isSubArrayValid($x509, 'tbsCertificate/extensions')) {
- 1520 $this->_mapInExtensions($x509, 'tbsCertificate/extensions', $asn1);
- 1521 }
- 1522 $this->_mapInDNs($x509, 'tbsCertificate/issuer/rdnSequence', $asn1);
- 1523 $this->_mapInDNs($x509, 'tbsCertificate/subject/rdnSequence', $asn1);
- 1524
- 1525 $key = &$x509['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'];
- 1526 $key = $this->_reformatKey($x509['tbsCertificate']['subjectPublicKeyInfo']['algorithm']['algorithm'], $key);
- 1527
- 1528 $this->currentCert = $x509;
- 1529 $this->dn = $x509['tbsCertificate']['subject'];
- 1530
- 1531 $currentKeyIdentifier = $this->getExtension('id-ce-subjectKeyIdentifier');
- 1532 $this->currentKeyIdentifier = is_string($currentKeyIdentifier) ? $currentKeyIdentifier : null;
- 1533
- 1534 return $x509;
- 1535 }
- 1536
- 1537
- 1538
- 1539
- 1540
- 1541
- 1542
- 1543
- 1544
- 1545 function saveX509($cert, $format = FILE_X509_FORMAT_PEM)
- 1546 {
- 1547 if (!is_array($cert) || !isset($cert['tbsCertificate'])) {
- 1548 return false;
- 1549 }
- 1550
- 1551 switch (true) {
- 1552
- 1553 case !($algorithm = $this->_subArray($cert, 'tbsCertificate/subjectPublicKeyInfo/algorithm/algorithm')):
- 1554 case is_object($cert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']):
- 1555 break;
- 1556 default:
- 1557 switch ($algorithm) {
- 1558 case 'rsaEncryption':
- 1559 $cert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']
- 1560 = base64_encode("\0" . base64_decode(preg_replace('#-.+-|[\r\n]#', '', $cert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'])));
- 1561
- 1562
- 1563
- 1564
- 1565
- 1566
- 1567 $cert['tbsCertificate']['subjectPublicKeyInfo']['algorithm']['parameters'] = null;
- 1568
- 1569 $cert['signatureAlgorithm']['parameters'] = null;
- 1570 $cert['tbsCertificate']['signature']['parameters'] = null;
- 1571 }
- 1572 }
- 1573
- 1574 $asn1 = new File_ASN1();
- 1575 $asn1->loadOIDs($this->oids);
- 1576
- 1577 $filters = array();
- 1578 $type_utf8_string = array('type' => FILE_ASN1_TYPE_UTF8_STRING);
- 1579 $filters['tbsCertificate']['signature']['parameters'] = $type_utf8_string;
- 1580 $filters['tbsCertificate']['signature']['issuer']['rdnSequence']['value'] = $type_utf8_string;
- 1581 $filters['tbsCertificate']['issuer']['rdnSequence']['value'] = $type_utf8_string;
- 1582 $filters['tbsCertificate']['subject']['rdnSequence']['value'] = $type_utf8_string;
- 1583 $filters['tbsCertificate']['subjectPublicKeyInfo']['algorithm']['parameters'] = $type_utf8_string;
- 1584 $filters['signatureAlgorithm']['parameters'] = $type_utf8_string;
- 1585 $filters['authorityCertIssuer']['directoryName']['rdnSequence']['value'] = $type_utf8_string;
- 1586
- 1587 $filters['distributionPoint']['fullName']['directoryName']['rdnSequence']['value'] = $type_utf8_string;
- 1588 $filters['directoryName']['rdnSequence']['value'] = $type_utf8_string;
- 1589
- 1590
- 1591
- 1592
- 1593
- 1594 $filters['policyQualifiers']['qualifier']
- 1595 = array('type' => FILE_ASN1_TYPE_IA5_STRING);
- 1596
- 1597 $asn1->loadFilters($filters);
- 1598
- 1599 $this->_mapOutExtensions($cert, 'tbsCertificate/extensions', $asn1);
- 1600 $this->_mapOutDNs($cert, 'tbsCertificate/issuer/rdnSequence', $asn1);
- 1601 $this->_mapOutDNs($cert, 'tbsCertificate/subject/rdnSequence', $asn1);
- 1602
- 1603 $cert = $asn1->encodeDER($cert, $this->Certificate);
- 1604
- 1605 switch ($format) {
- 1606 case FILE_X509_FORMAT_DER:
- 1607 return $cert;
- 1608
- 1609 default:
- 1610 return "-----BEGIN CERTIFICATE-----\r\n" . chunk_split(base64_encode($cert), 64) . '-----END CERTIFICATE-----';
- 1611 }
- 1612 }
- 1613
- 1614
- 1615
- 1616
- 1617
- 1618
- 1619
- 1620
- 1621
- 1622
- 1623 function _mapInExtensions(&$root, $path, $asn1)
- 1624 {
- 1625 $extensions = &$this->_subArrayUnchecked($root, $path);
- 1626
- 1627 if ($extensions) {
- 1628 for ($i = 0; $i < count($extensions); $i++) {
- 1629 $id = $extensions[$i]['extnId'];
- 1630 $value = &$extensions[$i]['extnValue'];
- 1631 $value = base64_decode($value);
- 1632 $decoded = $asn1->decodeBER($value);
- 1633
- 1634
- 1635 $map = $this->_getMapping($id);
- 1636 if (!is_bool($map)) {
- 1637 $mapped = $asn1->asn1map($decoded[0], $map, array('iPAddress' => array($this, '_decodeIP')));
- 1638 $value = $mapped === false ? $decoded[0] : $mapped;
- 1639
- 1640 if ($id == 'id-ce-certificatePolicies') {
- 1641 for ($j = 0; $j < count($value); $j++) {
- 1642 if (!isset($value[$j]['policyQualifiers'])) {
- 1643 continue;
- 1644 }
- 1645 for ($k = 0; $k < count($value[$j]['policyQualifiers']); $k++) {
- 1646 $subid = $value[$j]['policyQualifiers'][$k]['policyQualifierId'];
- 1647 $map = $this->_getMapping($subid);
- 1648 $subvalue = &$value[$j]['policyQualifiers'][$k]['qualifier'];
- 1649 if ($map !== false) {
- 1650 $decoded = $asn1->decodeBER($subvalue);
- 1651 $mapped = $asn1->asn1map($decoded[0], $map);
- 1652 $subvalue = $mapped === false ? $decoded[0] : $mapped;
- 1653 }
- 1654 }
- 1655 }
- 1656 }
- 1657 } else {
- 1658 $value = base64_encode($value);
- 1659 }
- 1660 }
- 1661 }
- 1662 }
- 1663
- 1664
- 1665
- 1666
- 1667
- 1668
- 1669
- 1670
- 1671
- 1672
- 1673 function _mapOutExtensions(&$root, $path, $asn1)
- 1674 {
- 1675 $extensions = &$this->_subArray($root, $path);
- 1676
- 1677 if (is_array($extensions)) {
- 1678 $size = count($extensions);
- 1679 for ($i = 0; $i < $size; $i++) {
- 1680 if (is_object($extensions[$i]) && strtolower(get_class($extensions[$i])) == 'file_asn1_element') {
- 1681 continue;
- 1682 }
- 1683
- 1684 $id = $extensions[$i]['extnId'];
- 1685 $value = &$extensions[$i]['extnValue'];
- 1686
- 1687 switch ($id) {
- 1688 case 'id-ce-certificatePolicies':
- 1689 for ($j = 0; $j < count($value); $j++) {
- 1690 if (!isset($value[$j]['policyQualifiers'])) {
- 1691 continue;
- 1692 }
- 1693 for ($k = 0; $k < count($value[$j]['policyQualifiers']); $k++) {
- 1694 $subid = $value[$j]['policyQualifiers'][$k]['policyQualifierId'];
- 1695 $map = $this->_getMapping($subid);
- 1696 $subvalue = &$value[$j]['policyQualifiers'][$k]['qualifier'];
- 1697 if ($map !== false) {
- 1698
- 1699
- 1700 $subvalue = new File_ASN1_Element($asn1->encodeDER($subvalue, $map));
- 1701 }
- 1702 }
- 1703 }
- 1704 break;
- 1705 case 'id-ce-authorityKeyIdentifier':
- 1706 if (isset($value['authorityCertSerialNumber'])) {
- 1707 if ($value['authorityCertSerialNumber']->toBytes() == '') {
- 1708 $temp = chr((FILE_ASN1_CLASS_CONTEXT_SPECIFIC << 6) | 2) . "\1\0";
- 1709 $value['authorityCertSerialNumber'] = new File_ASN1_Element($temp);
- 1710 }
- 1711 }
- 1712 }
- 1713
- 1714
- 1715
- 1716 $map = $this->_getMapping($id);
- 1717 if (is_bool($map)) {
- 1718 if (!$map) {
- 1719 user_error($id . ' is not a currently supported extension');
- 1720 unset($extensions[$i]);
- 1721 }
- 1722 } else {
- 1723 $temp = $asn1->encodeDER($value, $map, array('iPAddress' => array($this, '_encodeIP')));
- 1724 $value = base64_encode($temp);
- 1725 }
- 1726 }
- 1727 }
- 1728 }
- 1729
- 1730
- 1731
- 1732
- 1733
- 1734
- 1735
- 1736
- 1737
- 1738
- 1739 function _mapInAttributes(&$root, $path, $asn1)
- 1740 {
- 1741 $attributes = &$this->_subArray($root, $path);
- 1742
- 1743 if (is_array($attributes)) {
- 1744 for ($i = 0; $i < count($attributes); $i++) {
- 1745 $id = $attributes[$i]['type'];
- 1746
- 1747
- 1748 $map = $this->_getMapping($id);
- 1749 if (is_array($attributes[$i]['value'])) {
- 1750 $values = &$attributes[$i]['value'];
- 1751 for ($j = 0; $j < count($values); $j++) {
- 1752 $value = $asn1->encodeDER($values[$j], $this->AttributeValue);
- 1753 $decoded = $asn1->decodeBER($value);
- 1754 if (!is_bool($map)) {
- 1755 $mapped = $asn1->asn1map($decoded[0], $map);
- 1756 if ($mapped !== false) {
- 1757 $values[$j] = $mapped;
- 1758 }
- 1759 if ($id == 'pkcs-9-at-extensionRequest' && $this->_isSubArrayValid($values, $j)) {
- 1760 $this->_mapInExtensions($values, $j, $asn1);
- 1761 }
- 1762 } elseif ($map) {
- 1763 $values[$j] = base64_encode($value);
- 1764 }
- 1765 }
- 1766 }
- 1767 }
- 1768 }
- 1769 }
- 1770
- 1771
- 1772
- 1773
- 1774
- 1775
- 1776
- 1777
- 1778
- 1779
- 1780 function _mapOutAttributes(&$root, $path, $asn1)
- 1781 {
- 1782 $attributes = &$this->_subArray($root, $path);
- 1783
- 1784 if (is_array($attributes)) {
- 1785 $size = count($attributes);
- 1786 for ($i = 0; $i < $size; $i++) {
- 1787
- 1788
- 1789 $id = $attributes[$i]['type'];
- 1790 $map = $this->_getMapping($id);
- 1791 if ($map === false) {
- 1792 user_error($id . ' is not a currently supported attribute', E_USER_NOTICE);
- 1793 unset($attributes[$i]);
- 1794 } elseif (is_array($attributes[$i]['value'])) {
- 1795 $values = &$attributes[$i]['value'];
- 1796 for ($j = 0; $j < count($values); $j++) {
- 1797 switch ($id) {
- 1798 case 'pkcs-9-at-extensionRequest':
- 1799 $this->_mapOutExtensions($values, $j, $asn1);
- 1800 break;
- 1801 }
- 1802
- 1803 if (!is_bool($map)) {
- 1804 $temp = $asn1->encodeDER($values[$j], $map);
- 1805 $decoded = $asn1->decodeBER($temp);
- 1806 $values[$j] = $asn1->asn1map($decoded[0], $this->AttributeValue);
- 1807 }
- 1808 }
- 1809 }
- 1810 }
- 1811 }
- 1812 }
- 1813
- 1814
- 1815
- 1816
- 1817
- 1818
- 1819
- 1820
- 1821
- 1822
- 1823 function _mapInDNs(&$root, $path, $asn1)
- 1824 {
- 1825 $dns = &$this->_subArray($root, $path);
- 1826
- 1827 if (is_array($dns)) {
- 1828 for ($i = 0; $i < count($dns); $i++) {
- 1829 for ($j = 0; $j < count($dns[$i]); $j++) {
- 1830 $type = $dns[$i][$j]['type'];
- 1831 $value = &$dns[$i][$j]['value'];
- 1832 if (is_object($value) && strtolower(get_class($value)) == 'file_asn1_element') {
- 1833 $map = $this->_getMapping($type);
- 1834 if (!is_bool($map)) {
- 1835 $decoded = $asn1->decodeBER($value);
- 1836 $value = $asn1->asn1map($decoded[0], $map);
- 1837 }
- 1838 }
- 1839 }
- 1840 }
- 1841 }
- 1842 }
- 1843
- 1844
- 1845
- 1846
- 1847
- 1848
- 1849
- 1850
- 1851
- 1852
- 1853 function _mapOutDNs(&$root, $path, $asn1)
- 1854 {
- 1855 $dns = &$this->_subArray($root, $path);
- 1856
- 1857 if (is_array($dns)) {
- 1858 $size = count($dns);
- 1859 for ($i = 0; $i < $size; $i++) {
- 1860 for ($j = 0; $j < count($dns[$i]); $j++) {
- 1861 $type = $dns[$i][$j]['type'];
- 1862 $value = &$dns[$i][$j]['value'];
- 1863 if (is_object($value) && strtolower(get_class($value)) == 'file_asn1_element') {
- 1864 continue;
- 1865 }
- 1866
- 1867 $map = $this->_getMapping($type);
- 1868 if (!is_bool($map)) {
- 1869 $value = new File_ASN1_Element($asn1->encodeDER($value, $map));
- 1870 }
- 1871 }
- 1872 }
- 1873 }
- 1874 }
- 1875
- 1876
- 1877
- 1878
- 1879
- 1880
- 1881
- 1882
- 1883 function _getMapping($extnId)
- 1884 {
- 1885 if (!is_string($extnId)) {
- 1886 return true;
- 1887 }
- 1888
- 1889 switch ($extnId) {
- 1890 case 'id-ce-keyUsage':
- 1891 return $this->KeyUsage;
- 1892 case 'id-ce-basicConstraints':
- 1893 return $this->BasicConstraints;
- 1894 case 'id-ce-subjectKeyIdentifier':
- 1895 return $this->KeyIdentifier;
- 1896 case 'id-ce-cRLDistributionPoints':
- 1897 return $this->CRLDistributionPoints;
- 1898 case 'id-ce-authorityKeyIdentifier':
- 1899 return $this->AuthorityKeyIdentifier;
- 1900 case 'id-ce-certificatePolicies':
- 1901 return $this->CertificatePolicies;
- 1902 case 'id-ce-extKeyUsage':
- 1903 return $this->ExtKeyUsageSyntax;
- 1904 case 'id-pe-authorityInfoAccess':
- 1905 return $this->AuthorityInfoAccessSyntax;
- 1906 case 'id-ce-subjectAltName':
- 1907 return $this->SubjectAltName;
- 1908 case 'id-ce-subjectDirectoryAttributes':
- 1909 return $this->SubjectDirectoryAttributes;
- 1910 case 'id-ce-privateKeyUsagePeriod':
- 1911 return $this->PrivateKeyUsagePeriod;
- 1912 case 'id-ce-issuerAltName':
- 1913 return $this->IssuerAltName;
- 1914 case 'id-ce-policyMappings':
- 1915 return $this->PolicyMappings;
- 1916 case 'id-ce-nameConstraints':
- 1917 return $this->NameConstraints;
- 1918
- 1919 case 'netscape-cert-type':
- 1920 return $this->netscape_cert_type;
- 1921 case 'netscape-comment':
- 1922 return $this->netscape_comment;
- 1923 case 'netscape-ca-policy-url':
- 1924 return $this->netscape_ca_policy_url;
- 1925
- 1926
- 1927
- 1928
- 1929
- 1930 case 'id-qt-unotice':
- 1931 return $this->UserNotice;
- 1932
- 1933
- 1934 case 'id-pe-logotype':
- 1935 case 'entrustVersInfo':
- 1936
- 1937 case '1.3.6.1.4.1.311.20.2':
- 1938 case '1.3.6.1.4.1.311.21.1':
- 1939
- 1940
- 1941 case '2.23.42.7.0':
- 1942
- 1943
- 1944 case '1.3.6.1.4.1.11129.2.4.2':
- 1945 return true;
- 1946
- 1947
- 1948 case 'pkcs-9-at-unstructuredName':
- 1949 return $this->PKCS9String;
- 1950 case 'pkcs-9-at-challengePassword':
- 1951 return $this->DirectoryString;
- 1952 case 'pkcs-9-at-extensionRequest':
- 1953 return $this->Extensions;
- 1954
- 1955
- 1956 case 'id-ce-cRLNumber':
- 1957 return $this->CRLNumber;
- 1958 case 'id-ce-deltaCRLIndicator':
- 1959 return $this->CRLNumber;
- 1960 case 'id-ce-issuingDistributionPoint':
- 1961 return $this->IssuingDistributionPoint;
- 1962 case 'id-ce-freshestCRL':
- 1963 return $this->CRLDistributionPoints;
- 1964 case 'id-ce-cRLReasons':
- 1965 return $this->CRLReason;
- 1966 case 'id-ce-invalidityDate':
- 1967 return $this->InvalidityDate;
- 1968 case 'id-ce-certificateIssuer':
- 1969 return $this->CertificateIssuer;
- 1970 case 'id-ce-holdInstructionCode':
- 1971 return $this->HoldInstructionCode;
- 1972 case 'id-at-postalAddress':
- 1973 return $this->PostalAddress;
- 1974 }
- 1975
- 1976 return false;
- 1977 }
- 1978
- 1979
- 1980
- 1981
- 1982
- 1983
- 1984
- 1985
- 1986 function loadCA($cert)
- 1987 {
- 1988 $olddn = $this->dn;
- 1989 $oldcert = $this->currentCert;
- 1990 $oldsigsubj = $this->signatureSubject;
- 1991 $oldkeyid = $this->currentKeyIdentifier;
- 1992
- 1993 $cert = $this->loadX509($cert);
- 1994 if (!$cert) {
- 1995 $this->dn = $olddn;
- 1996 $this->currentCert = $oldcert;
- 1997 $this->signatureSubject = $oldsigsubj;
- 1998 $this->currentKeyIdentifier = $oldkeyid;
- 1999
- 2000 return false;
- 2001 }
- 2002
- 2003
- 2004
- 2005
- 2006
- 2007
- 2008
- 2009
- 2010
- 2011
- 2012
- 2013
- 2014
- 2015
- 2016
- 2017
- 2018
- 2019
- 2020
- 2021
- 2022
- 2023
- 2024
- 2025
- 2026
- 2027 $this->CAs[] = $cert;
- 2028
- 2029 $this->dn = $olddn;
- 2030 $this->currentCert = $oldcert;
- 2031 $this->signatureSubject = $oldsigsubj;
- 2032
- 2033 return true;
- 2034 }
- 2035
- 2036
- 2037
- 2038
- 2039
- 2040
- 2041
- 2042
- 2043
- 2044
- 2045
- 2046
- 2047
- 2048
- 2049
- 2050
- 2051
- 2052
- 2053 function validateURL($url)
- 2054 {
- 2055 if (!is_array($this->currentCert) || !isset($this->currentCert['tbsCertificate'])) {
- 2056 return false;
- 2057 }
- 2058
- 2059 $components = parse_url($url);
- 2060 if (!isset($components['host'])) {
- 2061 return false;
- 2062 }
- 2063
- 2064 if ($names = $this->getExtension('id-ce-subjectAltName')) {
- 2065 foreach ($names as $name) {
- 2066 foreach ($name as $key => $value) {
- 2067 $value = str_replace(array('.', '*'), array('\.', '[^.]*'), $value);
- 2068 switch ($key) {
- 2069 case 'dNSName':
- 2070
- 2071
- 2072
- 2073
- 2074
- 2075
- 2076
- 2077 if (preg_match('#^' . $value . '$#', $components['host'])) {
- 2078 return true;
- 2079 }
- 2080 break;
- 2081 case 'iPAddress':
- 2082
- 2083
- 2084
- 2085
- 2086
- 2087 if (preg_match('#(?:\d{1-3}\.){4}#', $components['host'] . '.') && preg_match('#^' . $value . '$#', $components['host'])) {
- 2088 return true;
- 2089 }
- 2090 }
- 2091 }
- 2092 }
- 2093 return false;
- 2094 }
- 2095
- 2096 if ($value = $this->getDNProp('id-at-commonName')) {
- 2097 $value = str_replace(array('.', '*'), array('\.', '[^.]*'), $value[0]);
- 2098 return preg_match('#^' . $value . '$#', $components['host']);
- 2099 }
- 2100
- 2101 return false;
- 2102 }
- 2103
- 2104
- 2105
- 2106
- 2107
- 2108
- 2109
- 2110
- 2111
- 2112 function validateDate($date = null)
- 2113 {
- 2114 if (!is_array($this->currentCert) || !isset($this->currentCert['tbsCertificate'])) {
- 2115 return false;
- 2116 }
- 2117
- 2118 if (!isset($date)) {
- 2119 $date = class_exists('DateTime') ?
- 2120 new DateTime($date, new DateTimeZone(@date_default_timezone_get())) :
- 2121 time();
- 2122 }
- 2123
- 2124 $notBefore = $this->currentCert['tbsCertificate']['validity']['notBefore'];
- 2125 $notBefore = isset($notBefore['generalTime']) ? $notBefore['generalTime'] : $notBefore['utcTime'];
- 2126
- 2127 $notAfter = $this->currentCert['tbsCertificate']['validity']['notAfter'];
- 2128 $notAfter = isset($notAfter['generalTime']) ? $notAfter['generalTime'] : $notAfter['utcTime'];
- 2129
- 2130 if (class_exists('DateTime')) {
- 2131 $notBefore = new DateTime($notBefore, new DateTimeZone(@date_default_timezone_get()));
- 2132 $notAfter = new DateTime($notAfter, new DateTimeZone(@date_default_timezone_get()));
- 2133 } else {
- 2134 $notBefore = @strtotime($notBefore);
- 2135 $notAfter = @strtotime($notAfter);
- 2136 }
- 2137
- 2138 switch (true) {
- 2139 case $date < $notBefore:
- 2140 case $date > $notAfter:
- 2141 return false;
- 2142 }
- 2143
- 2144 return true;
- 2145 }
- 2146
- 2147
- 2148
- 2149
- 2150
- 2151
- 2152
- 2153
- 2154
- 2155
- 2156
- 2157
- 2158
- 2159
- 2160
- 2161
- 2162 function validateSignature($caonly = true)
- 2163 {
- 2164 if (!is_array($this->currentCert) || !isset($this->signatureSubject)) {
- 2165 return null;
- 2166 }
- 2167
- 2168
- 2169
- 2170
- 2171
- 2172
- 2173
- 2174 switch (true) {
- 2175 case isset($this->currentCert['tbsCertificate']):
- 2176
- 2177 switch (true) {
- 2178 case !defined('FILE_X509_IGNORE_TYPE') && $this->currentCert['tbsCertificate']['issuer'] === $this->currentCert['tbsCertificate']['subject']:
- 2179 case defined('FILE_X509_IGNORE_TYPE') && $this->getIssuerDN(FILE_X509_DN_STRING) === $this->getDN(FILE_X509_DN_STRING):
- 2180 $authorityKey = $this->getExtension('id-ce-authorityKeyIdentifier');
- 2181 $subjectKeyID = $this->getExtension('id-ce-subjectKeyIdentifier');
- 2182 switch (true) {
- 2183 case !is_array($authorityKey):
- 2184 case !$subjectKeyID:
- 2185 case isset($authorityKey['keyIdentifier']) && $authorityKey['keyIdentifier'] === $subjectKeyID:
- 2186 $signingCert = $this->currentCert;
- 2187 }
- 2188 }
- 2189
- 2190 if (!empty($this->CAs)) {
- 2191 for ($i = 0; $i < count($this->CAs); $i++) {
- 2192
- 2193
- 2194 $ca = $this->CAs[$i];
- 2195 switch (true) {
- 2196 case !defined('FILE_X509_IGNORE_TYPE') && $this->currentCert['tbsCertificate']['issuer'] === $ca['tbsCertificate']['subject']:
- 2197 case defined('FILE_X509_IGNORE_TYPE') && $this->getDN(FILE_X509_DN_STRING, $this->currentCert['tbsCertificate']['issuer']) === $this->getDN(FILE_X509_DN_STRING, $ca['tbsCertificate']['subject']):
- 2198 $authorityKey = $this->getExtension('id-ce-authorityKeyIdentifier');
- 2199 $subjectKeyID = $this->getExtension('id-ce-subjectKeyIdentifier', $ca);
- 2200 switch (true) {
- 2201 case !is_array($authorityKey):
- 2202 case !$subjectKeyID:
- 2203 case isset($authorityKey['keyIdentifier']) && $authorityKey['keyIdentifier'] === $subjectKeyID:
- 2204 if (is_array($authorityKey) && isset($authorityKey['authorityCertSerialNumber']) && !$authorityKey['authorityCertSerialNumber']->equals($ca['tbsCertificate']['serialNumber'])) {
- 2205 break 2;
- 2206 }
- 2207 $signingCert = $ca;
- 2208 break 3;
- 2209 }
- 2210 }
- 2211 }
- 2212 if (count($this->CAs) == $i && $caonly) {
- 2213 return false;
- 2214 }
- 2215 } elseif (!isset($signingCert) || $caonly) {
- 2216 return false;
- 2217 }
- 2218 return $this->_validateSignature(
- 2219 $signingCert['tbsCertificate']['subjectPublicKeyInfo']['algorithm']['algorithm'],
- 2220 $signingCert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'],
- 2221 $this->currentCert['signatureAlgorithm']['algorithm'],
- 2222 substr(base64_decode($this->currentCert['signature']), 1),
- 2223 $this->signatureSubject
- 2224 );
- 2225 case isset($this->currentCert['certificationRequestInfo']):
- 2226 return $this->_validateSignature(
- 2227 $this->currentCert['certificationRequestInfo']['subjectPKInfo']['algorithm']['algorithm'],
- 2228 $this->currentCert['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'],
- 2229 $this->currentCert['signatureAlgorithm']['algorithm'],
- 2230 substr(base64_decode($this->currentCert['signature']), 1),
- 2231 $this->signatureSubject
- 2232 );
- 2233 case isset($this->currentCert['publicKeyAndChallenge']):
- 2234 return $this->_validateSignature(
- 2235 $this->currentCert['publicKeyAndChallenge']['spki']['algorithm']['algorithm'],
- 2236 $this->currentCert['publicKeyAndChallenge']['spki']['subjectPublicKey'],
- 2237 $this->currentCert['signatureAlgorithm']['algorithm'],
- 2238 substr(base64_decode($this->currentCert['signature']), 1),
- 2239 $this->signatureSubject
- 2240 );
- 2241 case isset($this->currentCert['tbsCertList']):
- 2242 if (!empty($this->CAs)) {
- 2243 for ($i = 0; $i < count($this->CAs); $i++) {
- 2244 $ca = $this->CAs[$i];
- 2245 switch (true) {
- 2246 case !defined('FILE_X509_IGNORE_TYPE') && $this->currentCert['tbsCertList']['issuer'] === $ca['tbsCertificate']['subject']:
- 2247 case defined('FILE_X509_IGNORE_TYPE') && $this->getDN(FILE_X509_DN_STRING, $this->currentCert['tbsCertList']['issuer']) === $this->getDN(FILE_X509_DN_STRING, $ca['tbsCertificate']['subject']):
- 2248 $authorityKey = $this->getExtension('id-ce-authorityKeyIdentifier');
- 2249 $subjectKeyID = $this->getExtension('id-ce-subjectKeyIdentifier', $ca);
- 2250 switch (true) {
- 2251 case !is_array($authorityKey):
- 2252 case !$subjectKeyID:
- 2253 case isset($authorityKey['keyIdentifier']) && $authorityKey['keyIdentifier'] === $subjectKeyID:
- 2254 if (is_array($authorityKey) && isset($authorityKey['authorityCertSerialNumber']) && !$authorityKey['authorityCertSerialNumber']->equals($ca['tbsCertificate']['serialNumber'])) {
- 2255 break 2;
- 2256 }
- 2257 $signingCert = $ca;
- 2258 break 3;
- 2259 }
- 2260 }
- 2261 }
- 2262 }
- 2263 if (!isset($signingCert)) {
- 2264 return false;
- 2265 }
- 2266 return $this->_validateSignature(
- 2267 $signingCert['tbsCertificate']['subjectPublicKeyInfo']['algorithm']['algorithm'],
- 2268 $signingCert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'],
- 2269 $this->currentCert['signatureAlgorithm']['algorithm'],
- 2270 substr(base64_decode($this->currentCert['signature']), 1),
- 2271 $this->signatureSubject
- 2272 );
- 2273 default:
- 2274 return false;
- 2275 }
- 2276 }
- 2277
- 2278
- 2279
- 2280
- 2281
- 2282
- 2283
- 2284
- 2285
- 2286
- 2287
- 2288
- 2289
- 2290
- 2291 function _validateSignature($publicKeyAlgorithm, $publicKey, $signatureAlgorithm, $signature, $signatureSubject)
- 2292 {
- 2293 switch ($publicKeyAlgorithm) {
- 2294 case 'rsaEncryption':
- 2295 if (!class_exists('Crypt_RSA')) {
- 2296 include_once 'Crypt/RSA.php';
- 2297 }
- 2298 $rsa = new Crypt_RSA();
- 2299 $rsa->loadKey($publicKey);
- 2300
- 2301 switch ($signatureAlgorithm) {
- 2302 case 'md2WithRSAEncryption':
- 2303 case 'md5WithRSAEncryption':
- 2304 case 'sha1WithRSAEncryption':
- 2305 case 'sha224WithRSAEncryption':
- 2306 case 'sha256WithRSAEncryption':
- 2307 case 'sha384WithRSAEncryption':
- 2308 case 'sha512WithRSAEncryption':
- 2309 $rsa->setHash(preg_replace('#WithRSAEncryption$#', '', $signatureAlgorithm));
- 2310 $rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
- 2311 if (!@$rsa->verify($signatureSubject, $signature)) {
- 2312 return false;
- 2313 }
- 2314 break;
- 2315 default:
- 2316 return null;
- 2317 }
- 2318 break;
- 2319 default:
- 2320 return null;
- 2321 }
- 2322
- 2323 return true;
- 2324 }
- 2325
- 2326
- 2327
- 2328
- 2329
- 2330
- 2331
- 2332
- 2333
- 2334
- 2335
- 2336 function _reformatKey($algorithm, $key)
- 2337 {
- 2338 switch ($algorithm) {
- 2339 case 'rsaEncryption':
- 2340 return
- 2341 "-----BEGIN RSA PUBLIC KEY-----\r\n" .
- 2342
- 2343
- 2344
- 2345 chunk_split(base64_encode(substr(base64_decode($key), 1)), 64) .
- 2346 '-----END RSA PUBLIC KEY-----';
- 2347 default:
- 2348 return $key;
- 2349 }
- 2350 }
- 2351
- 2352
- 2353
- 2354
- 2355
- 2356
- 2357
- 2358
- 2359
- 2360
- 2361 function _decodeIP($ip)
- 2362 {
- 2363 $ip = base64_decode($ip);
- 2364 list(, $ip) = unpack('N', $ip);
- 2365 return long2ip($ip);
- 2366 }
- 2367
- 2368
- 2369
- 2370
- 2371
- 2372
- 2373
- 2374
- 2375
- 2376
- 2377 function _encodeIP($ip)
- 2378 {
- 2379 return base64_encode(pack('N', ip2long($ip)));
- 2380 }
- 2381
- 2382
- 2383
- 2384
- 2385
- 2386
- 2387
- 2388
/**
 * Maps a user-supplied DN attribute name onto its canonical 'id-at-*' form.
 *
 * The lookup is case-insensitive and accepts the OID-style name
 * ('id-at-commonName'), the long X.500 name ('commonName') and the usual
 * short aliases (C, O, OU, CN, L, ST, SN, ...).  'emailAddress' maps onto the
 * PKCS#9 identifier rather than an id-at one.
 *
 * @param string $propName
 * @return string|false canonical attribute name, or false when not recognised
 * @access private
 */
function _translateDNProp($propName)
{
    static $aliases = array(
        'id-at-countryname' => 'id-at-countryName',
        'countryname' => 'id-at-countryName',
        'c' => 'id-at-countryName',
        'id-at-organizationname' => 'id-at-organizationName',
        'organizationname' => 'id-at-organizationName',
        'o' => 'id-at-organizationName',
        'id-at-dnqualifier' => 'id-at-dnQualifier',
        'dnqualifier' => 'id-at-dnQualifier',
        'id-at-commonname' => 'id-at-commonName',
        'commonname' => 'id-at-commonName',
        'cn' => 'id-at-commonName',
        'id-at-stateorprovincename' => 'id-at-stateOrProvinceName',
        'stateorprovincename' => 'id-at-stateOrProvinceName',
        'state' => 'id-at-stateOrProvinceName',
        'province' => 'id-at-stateOrProvinceName',
        'provincename' => 'id-at-stateOrProvinceName',
        'st' => 'id-at-stateOrProvinceName',
        'id-at-localityname' => 'id-at-localityName',
        'localityname' => 'id-at-localityName',
        'l' => 'id-at-localityName',
        'id-emailaddress' => 'pkcs-9-at-emailAddress',
        'emailaddress' => 'pkcs-9-at-emailAddress',
        'id-at-serialnumber' => 'id-at-serialNumber',
        'serialnumber' => 'id-at-serialNumber',
        'id-at-postalcode' => 'id-at-postalCode',
        'postalcode' => 'id-at-postalCode',
        'id-at-streetaddress' => 'id-at-streetAddress',
        'streetaddress' => 'id-at-streetAddress',
        'id-at-name' => 'id-at-name',
        'name' => 'id-at-name',
        'id-at-givenname' => 'id-at-givenName',
        'givenname' => 'id-at-givenName',
        'id-at-surname' => 'id-at-surname',
        'surname' => 'id-at-surname',
        'sn' => 'id-at-surname',
        'id-at-initials' => 'id-at-initials',
        'initials' => 'id-at-initials',
        'id-at-generationqualifier' => 'id-at-generationQualifier',
        'generationqualifier' => 'id-at-generationQualifier',
        'id-at-organizationalunitname' => 'id-at-organizationalUnitName',
        'organizationalunitname' => 'id-at-organizationalUnitName',
        'ou' => 'id-at-organizationalUnitName',
        'id-at-pseudonym' => 'id-at-pseudonym',
        'pseudonym' => 'id-at-pseudonym',
        'id-at-title' => 'id-at-title',
        'title' => 'id-at-title',
        'id-at-description' => 'id-at-description',
        'description' => 'id-at-description',
        'id-at-role' => 'id-at-role',
        'role' => 'id-at-role',
        'id-at-uniqueidentifier' => 'id-at-uniqueIdentifier',
        'uniqueidentifier' => 'id-at-uniqueIdentifier',
        'x500uniqueidentifier' => 'id-at-uniqueIdentifier',
        'postaladdress' => 'id-at-postalAddress',
        'id-at-postaladdress' => 'id-at-postalAddress',
    );

    $needle = strtolower($propName);
    return isset($aliases[$needle]) ? $aliases[$needle] : false;
}
- 2473
- 2474
- 2475
- 2476
- 2477
- 2478
- 2479
- 2480
- 2481
- 2482
/**
 * Appends one or more values of a DN attribute to the current subject DN.
 *
 * Each value becomes its own single-attribute RDN at the end of rdnSequence.
 * Scalar values are wrapped as array($type => $value); array values are taken
 * as already-typed and stored as-is.  Nothing is de-duplicated: calling this
 * twice for 'CN' yields two CN RDNs.
 *
 * Note that the DN container is initialised before the name is validated, so
 * an unknown $propName leaves $this->dn as an empty rdnSequence rather than
 * null.
 *
 * @param string $propName attribute name (any alias _translateDNProp() accepts)
 * @param mixed $propValue scalar, typed array, or list of either
 * @param string $type ASN.1 string type for scalar values
 * @return bool false when $propName is not a known attribute
 * @access public
 */
function setDNProp($propName, $propValue, $type = 'utf8String')
{
    if (empty($this->dn)) {
        $this->dn = array('rdnSequence' => array());
    }

    $canonical = $this->_translateDNProp($propName);
    if ($canonical === false) {
        return false;
    }

    foreach ((array) $propValue as $value) {
        $attribute = (!is_array($value) && isset($type)) ? array($type => $value) : $value;
        $this->dn['rdnSequence'][] = array(
            array('type' => $canonical, 'value' => $attribute)
        );
    }

    return true;
}
- 2507
- 2508
- 2509
- 2510
- 2511
- 2512
- 2513
/**
 * Removes every RDN of the given attribute from the current subject DN.
 *
 * Only the first attribute of each RDN is examined, so a multi-valued RDN
 * whose second attribute matches is left untouched.  The surviving RDNs are
 * re-indexed from 0.  Unknown attribute names and an empty DN are no-ops.
 *
 * @param string $propName attribute name (any alias _translateDNProp() accepts)
 * @access public
 */
function removeDNProp($propName)
{
    if (empty($this->dn)) {
        return;
    }

    $canonical = $this->_translateDNProp($propName);
    if ($canonical === false) {
        return;
    }

    $kept = array();
    foreach ($this->dn['rdnSequence'] as $rdn) {
        if ($rdn[0]['type'] != $canonical) {
            $kept[] = $rdn;
        }
    }

    $this->dn['rdnSequence'] = $kept;
}
- 2538
- 2539
- 2540
- 2541
- 2542
- 2543
- 2544
- 2545
- 2546
- 2547
/**
 * Returns all values of one attribute from a DN.
 *
 * Every RDN whose first attribute has the requested type contributes one
 * entry.  Only element [0] of each RDN is inspected, so the remaining
 * attributes of a multi-valued RDN are never reported - keep that in mind
 * when using this for name matching.
 *
 * With $withType false, string values are converted to UTF-8 text (the first
 * convertible encoding wins, otherwise the last raw value is returned) and
 * opaque File_ASN1_Element values are decoded through the attribute's ASN.1
 * mapping where one exists.  With $withType true the typed array is returned
 * unchanged.
 *
 * @param string $propName attribute name (any alias _translateDNProp() accepts)
 * @param array $dn optional DN; defaults to the current subject DN
 * @param bool $withType keep the array($type => $value) wrapper
 * @return array|false list of values (possibly empty); false when there is no DN or the name is unknown
 * @access public
 */
function getDNProp($propName, $dn = null, $withType = false)
{
    if (!isset($dn)) {
        $dn = $this->dn;
    }

    if (empty($dn)) {
        return false;
    }

    if (($propName = $this->_translateDNProp($propName)) === false) {
        return false;
    }

    $asn1 = new File_ASN1();
    $asn1->loadOIDs($this->oids);
    $filters = array();
    $filters['value'] = array('type' => FILE_ASN1_TYPE_UTF8_STRING);
    $asn1->loadFilters($filters);
    // works on the local copy only; $this->dn is not modified
    $this->_mapOutDNs($dn, 'rdnSequence', $asn1);
    $dn = $dn['rdnSequence'];
    $result = array();
    for ($i = 0; $i < count($dn); $i++) {
        if ($dn[$i][0]['type'] == $propName) {
            $v = $dn[$i][0]['value'];
            if (!$withType) {
                if (is_array($v)) {
                    // try each encoding the value was stored under; first
                    // successful conversion to UTF-8 wins
                    foreach ($v as $type => $s) {
                        $type = array_search($type, $asn1->ANYmap, true);
                        if ($type !== false && isset($asn1->stringTypeSize[$type])) {
                            $s = $asn1->convert($s, $type);
                            if ($s !== false) {
                                $v = $s;
                                break;
                            }
                        }
                    }
                    // nothing converted: fall back to the last raw value
                    if (is_array($v)) {
                        $v = array_pop($v);
                    }
                } elseif (is_object($v) && strtolower(get_class($v)) == 'file_asn1_element') {
                    // raw DER left by the parser: decode it if we know the
                    // attribute's syntax, otherwise hand the element back as-is
                    $map = $this->_getMapping($propName);
                    if (!is_bool($map)) {
                        $decoded = $asn1->decodeBER($v);
                        $v = $asn1->asn1map($decoded[0], $map);
                    }
                }
            }
            $result[] = $v;
        }
    }

    return $result;
}
- 2602
- 2603
- 2604
- 2605
- 2606
- 2607
- 2608
- 2609
- 2610
- 2611
/**
 * Sets (or merges into) the current subject DN.
 *
 * $dn may be:
 *   - an array already in rdnSequence form: adopted verbatim ($merge is ignored);
 *   - an associative array of attribute => value(s), fed to setDNProp();
 *   - a string such as "C=US, O=Example, CN=host" or "/C=US/O=Example/CN=host".
 *
 * The string parser is deliberately simple: it splits on ", " or "/"
 * followed by one of a fixed, case-sensitive list of attribute names, and
 * does no RFC 4514 unescaping.  A value that itself contains ", CN=" or
 * "/CN=" is therefore split into extra attributes, and "cn=" (lower-case) is
 * not recognised as a separator.  Treat input from untrusted sources
 * accordingly and prefer the array forms.
 *
 * When $merge is false the existing DN is cleared first, so a parse failure
 * part-way through leaves a partial DN behind rather than the old one.
 *
 * @param mixed $dn
 * @param bool $merge keep existing attributes
 * @param string $type ASN.1 string type applied to scalar values
 * @return bool
 * @access public
 */
function setDN($dn, $merge = false, $type = 'utf8String')
{
    if (!$merge) {
        $this->dn = null;
    }

    if (is_array($dn)) {
        if (isset($dn['rdnSequence'])) {
            $this->dn = $dn;
            return true;
        }

        foreach ($dn as $attribute => $values) {
            if (!$this->setDNProp($attribute, $values, $type)) {
                return false;
            }
        }
        return true;
    }

    // Delimiters are captured, so odd indexes hold "C=" style tokens and the
    // following even index holds the value.
    $parts = preg_split('#((?:^|, *|/)(?:C=|O=|OU=|CN=|L=|ST=|SN=|postalCode=|streetAddress=|emailAddress=|serialNumber=|organizationalUnitName=|title=|description=|role=|x500UniqueIdentifier=|postalAddress=))#', $dn, -1, PREG_SPLIT_DELIM_CAPTURE);
    $count = count($parts);
    $index = 1;
    while ($index < $count) {
        $attribute = trim($parts[$index], ', =/');
        if (!$this->setDNProp($attribute, $parts[$index + 1], $type)) {
            return false;
        }
        $index += 2;
    }

    return true;
}
- 2645
- 2646
- 2647
- 2648
- 2649
- 2650
- 2651
- 2652
- 2653
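/**
 * Returns a Distinguished Name in one of several formats.
 *
 *   FILE_X509_DN_ARRAY   - the internal rdnSequence array, untouched
 *   FILE_X509_DN_ASN1    - DER encoding of the Name
 *   FILE_X509_DN_CANON   - canonical form: every string value converted to
 *                          UTF-8, whitespace collapsed, trimmed, lower-cased,
 *                          then each RDN DER-encoded and concatenated.  This
 *                          is the form to use for DN equality checks.
 *   FILE_X509_DN_HASH    - first 4 bytes of SHA-1 over the CANON form, read
 *                          little-endian and printed as 8 lower-case hex
 *                          digits (a directory-lookup key in the style of
 *                          OpenSSL's subject hash; SHA-1 is a name for a slot
 *                          here, not a security boundary)
 *   FILE_X509_DN_OPENSSL - associative array keyed by short attribute name
 *                          ('CN', 'OU', ...); a repeated attribute becomes a list
 *   FILE_X509_DN_STRING  - "C=US, O=Example/ou=..." style text (default)
 *
 * Fixes in this revision:
 *  - OPENSSL format: repeated attributes were merged from $dn[$prop], a key
 *    that does not exist (the array is keyed by 'rdnSequence'), so every
 *    earlier value of a repeated attribute (a second OU, say) was dropped.
 *    The accumulator is $result[$desc].
 *  - CANON format: the inner loop took a reference to $rdn[$i] while
 *    iterating $rdn by value; on the next iteration foreach wrote the next
 *    attribute through that reference, corrupting multi-valued RDNs.  The
 *    loop now iterates keys and releases the reference each round.
 *
 * Security note on the STRING format: values are not escaped for ',', '/'
 * or '=', so a value such as "foo, O=Evil" reads back as two attributes
 * through setDN().  Only the first attribute of each RDN is printed.  Use
 * CANON or ASN1 to compare names; STRING is for display.
 *
 * @param int $format one of the FILE_X509_DN_* constants
 * @param array $dn optional; defaults to the loaded CRL's issuer, else $this->dn
 * @return array|string
 * @access public
 */
function getDN($format = FILE_X509_DN_ARRAY, $dn = null)
{
    if (!isset($dn)) {
        $dn = isset($this->currentCert['tbsCertList']) ? $this->currentCert['tbsCertList']['issuer'] : $this->dn;
    }

    switch ((int) $format) {
        case FILE_X509_DN_ARRAY:
            return $dn;
        case FILE_X509_DN_ASN1:
            $asn1 = new File_ASN1();
            $asn1->loadOIDs($this->oids);
            $filters = array();
            $filters['rdnSequence']['value'] = array('type' => FILE_ASN1_TYPE_UTF8_STRING);
            $asn1->loadFilters($filters);
            $this->_mapOutDNs($dn, 'rdnSequence', $asn1);
            return $asn1->encodeDER($dn, $this->Name);
        case FILE_X509_DN_CANON:
            // Canonicalisation is limited to lower-casing and whitespace
            // collapsing; per-attribute X.520 matching rules are not applied.
            $asn1 = new File_ASN1();
            $asn1->loadOIDs($this->oids);
            $filters = array();
            $filters['value'] = array('type' => FILE_ASN1_TYPE_UTF8_STRING);
            $asn1->loadFilters($filters);
            $result = '';
            $this->_mapOutDNs($dn, 'rdnSequence', $asn1);
            foreach ($dn['rdnSequence'] as $rdn) {
                // iterate keys so no loop variable aliases a reference
                foreach (array_keys($rdn) as $i) {
                    $attr = &$rdn[$i];
                    if (is_array($attr['value'])) {
                        foreach ($attr['value'] as $type => $v) {
                            $type = array_search($type, $asn1->ANYmap, true);
                            if ($type !== false && isset($asn1->stringTypeSize[$type])) {
                                $v = $asn1->convert($v, $type);
                                if ($v !== false) {
                                    $v = preg_replace('/\s+/', ' ', $v);
                                    $attr['value'] = strtolower(trim($v));
                                    break;
                                }
                            }
                        }
                    }
                    unset($attr);
                }
                $result .= $asn1->encodeDER($rdn, $this->RelativeDistinguishedName);
            }
            return $result;
        case FILE_X509_DN_HASH:
            $dn = $this->getDN(FILE_X509_DN_CANON, $dn);
            if (!class_exists('Crypt_Hash')) {
                include_once 'Crypt/Hash.php';
            }
            $hash = new Crypt_Hash('sha1');
            $hash = $hash->hash($dn);
            // little-endian read of the first 4 digest bytes, printed big-endian
            list(, $hash) = unpack('V', $hash);
            return strtolower(bin2hex(pack('N', $hash)));
    }

    // Default: build the string form, collecting the OPENSSL array alongside.
    $start = true;
    $output = '';
    $result = array();
    $asn1 = new File_ASN1();
    $asn1->loadOIDs($this->oids);
    $filters = array();
    $filters['rdnSequence']['value'] = array('type' => FILE_ASN1_TYPE_UTF8_STRING);
    $asn1->loadFilters($filters);
    $this->_mapOutDNs($dn, 'rdnSequence', $asn1);
    foreach ($dn['rdnSequence'] as $field) {
        $prop = $field[0]['type'];
        $value = $field[0]['value'];

        // Well-known attributes use ", " and a short name; everything else is
        // written "/longName=" using the last dash-separated part of the OID name.
        $delim = ', ';
        switch ($prop) {
            case 'id-at-countryName':
                $desc = 'C';
                break;
            case 'id-at-stateOrProvinceName':
                $desc = 'ST';
                break;
            case 'id-at-organizationName':
                $desc = 'O';
                break;
            case 'id-at-organizationalUnitName':
                $desc = 'OU';
                break;
            case 'id-at-commonName':
                $desc = 'CN';
                break;
            case 'id-at-localityName':
                $desc = 'L';
                break;
            case 'id-at-surname':
                $desc = 'SN';
                break;
            case 'id-at-uniqueIdentifier':
                $delim = '/';
                $desc = 'x500UniqueIdentifier';
                break;
            case 'id-at-postalAddress':
                $delim = '/';
                $desc = 'postalAddress';
                break;
            default:
                $delim = '/';
                $desc = preg_replace('#.+-([^-]+)$#', '$1', $prop);
        }

        if (!$start) {
            $output.= $delim;
        }
        if (is_array($value)) {
            foreach ($value as $type => $v) {
                $type = array_search($type, $asn1->ANYmap, true);
                if ($type !== false && isset($asn1->stringTypeSize[$type])) {
                    $v = $asn1->convert($v, $type);
                    if ($v !== false) {
                        $value = $v;
                        break;
                    }
                }
            }
            if (is_array($value)) {
                $value = array_pop($value);
            }
        } elseif (is_object($value) && strtolower(get_class($value)) == 'file_asn1_element') {
            // Raw DER the parser could not map: print non-printable bytes as
            // \xNN escapes.  NOTE(review): strtoupper() is applied to the whole
            // string, so printable bytes are upper-cased as well - presumably
            // intended for the hex digits only; confirm.
            $callback = version_compare(PHP_VERSION, '5.3.0') >= 0 ?
                function ($x) { return "\x" . bin2hex($x[0]); } :
                create_function('$x', 'return "\x" . bin2hex($x[0]);');

            $value = strtoupper(preg_replace_callback('#[^\x20-\x7E]#', $callback, $value->element));
        }
        $output.= $desc . '=' . $value;
        // a repeated attribute turns the entry into a list of all its values
        $result[$desc] = isset($result[$desc]) ?
            array_merge((array) $result[$desc], array($value)) :
            $value;
        $start = false;
    }

    return $format == FILE_X509_DN_OPENSSL ? $result : $output;
}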
- 2797
- 2798
- 2799
- 2800
- 2801
- 2802
- 2803
- 2804
/**
 * Returns the issuer DN of the loaded certificate or CRL.
 *
 * CSRs and SPKACs have no issuer, so they yield false, as does the absence
 * of any loaded object.
 *
 * @param int $format one of the FILE_X509_DN_* constants
 * @return mixed DN in the requested format, or false
 * @access public
 */
function getIssuerDN($format = FILE_X509_DN_ARRAY)
{
    $loaded = isset($this->currentCert) ? $this->currentCert : null;
    if (!is_array($loaded)) {
        return false;
    }

    if (isset($loaded['tbsCertificate'])) {
        return $this->getDN($format, $loaded['tbsCertificate']['issuer']);
    }
    if (isset($loaded['tbsCertList'])) {
        return $this->getDN($format, $loaded['tbsCertList']['issuer']);
    }

    return false;
}
- 2818
- 2819
- 2820
- 2821
- 2822
- 2823
- 2824
- 2825
- 2826
/**
 * Returns the subject DN.
 *
 * A DN set through setDN()/setDNProp() takes precedence over whatever is
 * loaded, so after setDN() this no longer reflects the loaded certificate's
 * subject.  Otherwise the subject of the loaded certificate or CSR is used;
 * CRLs have no subject and yield false.
 *
 * @param int $format one of the FILE_X509_DN_* constants
 * @return mixed DN in the requested format, or false
 * @access public
 */
function getSubjectDN($format = FILE_X509_DN_ARRAY)
{
    if (!empty($this->dn)) {
        return $this->getDN($format);
    }

    $loaded = isset($this->currentCert) ? $this->currentCert : null;
    if (!is_array($loaded)) {
        return false;
    }

    if (isset($loaded['tbsCertificate'])) {
        return $this->getDN($format, $loaded['tbsCertificate']['subject']);
    }
    if (isset($loaded['certificationRequestInfo'])) {
        return $this->getDN($format, $loaded['certificationRequestInfo']['subject']);
    }

    return false;
}
- 2842
- 2843
- 2844
- 2845
- 2846
- 2847
- 2848
- 2849
- 2850
/**
 * Returns one attribute of the loaded certificate's or CRL's issuer DN.
 *
 * @param string $propName attribute name (any alias _translateDNProp() accepts)
 * @param bool $withType keep the array($type => $value) wrapper
 * @return mixed list of values, or false when nothing suitable is loaded
 * @access public
 */
function getIssuerDNProp($propName, $withType = false)
{
    $loaded = isset($this->currentCert) ? $this->currentCert : null;
    if (!is_array($loaded)) {
        return false;
    }

    if (isset($loaded['tbsCertificate'])) {
        return $this->getDNProp($propName, $loaded['tbsCertificate']['issuer'], $withType);
    }
    if (isset($loaded['tbsCertList'])) {
        return $this->getDNProp($propName, $loaded['tbsCertList']['issuer'], $withType);
    }

    return false;
}
- 2864
- 2865
- 2866
- 2867
- 2868
- 2869
- 2870
- 2871
- 2872
/**
 * Returns one attribute of the subject DN.
 *
 * Mirrors getSubjectDN(): an explicitly set DN wins over the loaded
 * certificate or CSR; CRLs yield false.
 *
 * @param string $propName attribute name (any alias _translateDNProp() accepts)
 * @param bool $withType keep the array($type => $value) wrapper
 * @return mixed list of values, or false when nothing suitable is loaded
 * @access public
 */
function getSubjectDNProp($propName, $withType = false)
{
    if (!empty($this->dn)) {
        return $this->getDNProp($propName, null, $withType);
    }

    $loaded = isset($this->currentCert) ? $this->currentCert : null;
    if (!is_array($loaded)) {
        return false;
    }

    if (isset($loaded['tbsCertificate'])) {
        return $this->getDNProp($propName, $loaded['tbsCertificate']['subject'], $withType);
    }
    if (isset($loaded['certificationRequestInfo'])) {
        return $this->getDNProp($propName, $loaded['certificationRequestInfo']['subject'], $withType);
    }

    return false;
}
- 2888
- 2889
- 2890
- 2891
- 2892
- 2893
- 2894
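/**
 * Builds the issuer chain for the loaded certificate from the CA list.
 *
 * Starting at the current certificate, each step looks for a CA whose
 * subject equals the current issuer and - when the current certificate has
 * an authorityKeyIdentifier with a keyIdentifier - whose subjectKeyIdentifier
 * equals it.  The walk ends when no CA matches or when the next link is
 * already part of the chain.
 *
 * Fix: the original only stopped when the matched CA was identical to the
 * current certificate (the self-signed case).  Two CAs that have signed each
 * other's certificates (cross-certification) therefore produced an endless,
 * ever-growing chain.  The guard now rejects any CA already in the chain.
 *
 * This method links by name and key identifier only; it does not verify a
 * single signature.  Validate every link separately before trusting the
 * result.
 *
 * @return array|false list of File_X509 objects, leaf first; false when no certificate is loaded
 * @access public
 */
function getChain()
{
    $chain = array($this->currentCert);

    if (!is_array($this->currentCert) || !isset($this->currentCert['tbsCertificate'])) {
        return false;
    }
    if (empty($this->CAs)) {
        return $chain;
    }

    while (true) {
        $currentCert = $chain[count($chain) - 1];
        $extended = false;
        $caCount = count($this->CAs);
        for ($i = 0; $i < $caCount; $i++) {
            $ca = $this->CAs[$i];
            if ($currentCert['tbsCertificate']['issuer'] !== $ca['tbsCertificate']['subject']) {
                continue;
            }
            $authorityKey = $this->getExtension('id-ce-authorityKeyIdentifier', $currentCert);
            $subjectKeyID = $this->getExtension('id-ce-subjectKeyIdentifier', $ca);
            // No AKI on the current certificate: the name match alone is
            // accepted.  AKI present: its keyIdentifier must equal the CA's SKI.
            $keyMatches = !is_array($authorityKey)
                || (isset($authorityKey['keyIdentifier']) && $authorityKey['keyIdentifier'] === $subjectKeyID);
            if (!$keyMatches) {
                continue;
            }
            if (in_array($ca, $chain, true)) {
                // self-signed root reached, or a cross-signing loop: stop here
                break 2;
            }
            $chain[] = $ca;
            $extended = true;
            break;
        }
        if (!$extended) {
            break;
        }
    }

    foreach ($chain as $key => $value) {
        $chain[$key] = new File_X509();
        $chain[$key]->loadX509($value);
    }
    return $chain;
}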
- 2933
- 2934
- 2935
- 2936
- 2937
- 2938
- 2939
- 2940
- 2941
- 2942
/**
 * Sets the public key used for the subject of a certificate or CSR.
 *
 * $key->setPublicKey() is invoked without arguments; presumably this
 * promotes the loaded key material to public-key mode on the key object -
 * confirm against the key class.  The object is stored by handle, so the
 * caller's instance and $this->publicKey are the same object.
 *
 * @param object $key
 * @access public
 */
function setPublicKey($key)
{
    $this->publicKey = $key;
    $key->setPublicKey();
}
- 2948
- 2949
- 2950
- 2951
- 2952
- 2953
- 2954
- 2955
- 2956
/**
 * Sets the private key that sign()/signCSR() will use for this object.
 *
 * The key is stored by handle with no validation; sign() only checks that
 * it is an object.
 *
 * @param object $key
 * @access public
 */
function setPrivateKey($key)
{
    $this->privateKey = $key;
}
- 2961
- 2962
- 2963
- 2964
- 2965
- 2966
- 2967
- 2968
- 2969
/**
 * Sets the challenge string for SPKAC generation.
 *
 * Stored verbatim; where it is consumed is outside this section.
 *
 * @param string $challenge
 * @access public
 */
function setChallenge($challenge)
{
    $this->challenge = $challenge;
}
- 2974
- 2975
- 2976
- 2977
- 2978
- 2979
- 2980
- 2981
- 2982
/**
 * Returns the public key of the loaded certificate or CSR.
 *
 * A key set with setPublicKey() (or extracted by an earlier load) is
 * returned as-is.  Otherwise the subjectPublicKeyInfo of the loaded
 * certificate, or the subjectPKInfo of the loaded CSR, is wrapped in a
 * Crypt_RSA object.  Only rsaEncryption keys are supported; any other
 * algorithm yields false.
 *
 * Nothing here proves the key's owner controls it - a CSR's signature must
 * be validated separately before this key is certified.
 *
 * @return object|false
 * @access public
 */
function getPublicKey()
{
    if (isset($this->publicKey)) {
        return $this->publicKey;
    }

    $keyinfo = null;
    if (isset($this->currentCert) && is_array($this->currentCert)) {
        $candidates = array('tbsCertificate/subjectPublicKeyInfo', 'certificationRequestInfo/subjectPKInfo');
        foreach ($candidates as $path) {
            $found = $this->_subArray($this->currentCert, $path);
            if (!empty($found)) {
                $keyinfo = $found;
                break;
            }
        }
    }
    if (empty($keyinfo)) {
        return false;
    }

    if ($keyinfo['algorithm']['algorithm'] != 'rsaEncryption') {
        return false;
    }

    if (!class_exists('Crypt_RSA')) {
        include_once 'Crypt/RSA.php';
    }
    $rsa = new Crypt_RSA();
    $rsa->loadKey($keyinfo['subjectPublicKey']);
    $rsa->setPublicKey();

    return $rsa;
}
- 3018
- 3019
- 3020
- 3021
- 3022
- 3023
- 3024
- 3025
/**
 * Loads a PKCS#10 Certificate Signing Request.
 *
 * Accepts an already-parsed array (adopted as-is), or PEM / DER text
 * according to $mode.  On success the subject DN, the public key (RSA only;
 * otherwise null) and the raw DER of certificationRequestInfo (for a later
 * signature check) are stored on the object.
 *
 * Nothing here verifies the CSR's self-signature, i.e. proof that the
 * requester holds the private key.  Callers must validate the signature
 * before certifying the embedded key.
 *
 * @param mixed $csr array, PEM string or DER string
 * @param int $mode FILE_X509_FORMAT_* selector
 * @return mixed the parsed CSR array, or false
 * @access public
 */
function loadCSR($csr, $mode = FILE_X509_FORMAT_AUTO_DETECT)
{
    if (is_array($csr) && isset($csr['certificationRequestInfo'])) {
        unset($this->currentCert);
        unset($this->currentKeyIdentifier);
        unset($this->signatureSubject);
        // NOTE(review): this branch never touches $this->publicKey, so a key
        // left by an earlier load survives - unlike the string path below.
        $this->dn = $csr['certificationRequestInfo']['subject'];
        if (!isset($this->dn)) {
            return false;
        }

        $this->currentCert = $csr;
        return $csr;
    }

    // see http://tools.ietf.org/html/rfc2986

    $asn1 = new File_ASN1();

    if ($mode != FILE_X509_FORMAT_DER) {
        $newcsr = $this->_extractBER($csr);
        // in PEM mode, unchanged input means no PEM armor was found
        // (assumes _extractBER() returns its input untouched in that case)
        if ($mode == FILE_X509_FORMAT_PEM && $csr == $newcsr) {
            return false;
        }
        $csr = $newcsr;
    }
    $orig = $csr;

    if ($csr === false) {
        $this->currentCert = false;
        return false;
    }

    $asn1->loadOIDs($this->oids);
    $decoded = $asn1->decodeBER($csr);

    if (empty($decoded)) {
        $this->currentCert = false;
        return false;
    }

    $csr = $asn1->asn1map($decoded[0], $this->CertificationRequest);
    if (!isset($csr) || $csr === false) {
        $this->currentCert = false;
        return false;
    }

    $this->_mapInAttributes($csr, 'certificationRequestInfo/attributes', $asn1);
    $this->_mapInDNs($csr, 'certificationRequestInfo/subject/rdnSequence', $asn1);

    $this->dn = $csr['certificationRequestInfo']['subject'];

    // the exact bytes the signature covers: the first element of the outer SEQUENCE
    $this->signatureSubject = substr($orig, $decoded[0]['content'][0]['start'], $decoded[0]['content'][0]['length']);

    // references: _reformatKey()'s result is written back into the CSR array
    $algorithm = &$csr['certificationRequestInfo']['subjectPKInfo']['algorithm']['algorithm'];
    $key = &$csr['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'];
    $key = $this->_reformatKey($algorithm, $key);

    switch ($algorithm) {
        case 'rsaEncryption':
            if (!class_exists('Crypt_RSA')) {
                include_once 'Crypt/RSA.php';
            }
            $this->publicKey = new Crypt_RSA();
            $this->publicKey->loadKey($key);
            $this->publicKey->setPublicKey();
            break;
        default:
            // unsupported key algorithm: the CSR still loads, but without a usable key
            $this->publicKey = null;
    }

    $this->currentKeyIdentifier = null;
    $this->currentCert = $csr;

    return $csr;
}
- 3102
- 3103
- 3104
- 3105
- 3106
- 3107
- 3108
- 3109
- 3110
/**
 * Encodes a CSR array as DER or PEM.
 *
 * For an RSA key whose subjectPublicKey is still in PEM text form, the PEM
 * body is turned into the raw BIT STRING payload (a leading 0x00 "unused
 * bits" octet is prepended) and the AlgorithmIdentifier parameters are
 * nulled.  A subjectPublicKey that is already an ASN.1 element object is
 * left alone.
 *
 * @param array $csr
 * @param int $format FILE_X509_FORMAT_DER or FILE_X509_FORMAT_PEM (anything else is PEM)
 * @return string|false false when $csr is not a CSR array
 * @access public
 */
function saveCSR($csr, $format = FILE_X509_FORMAT_PEM)
{
    if (!is_array($csr) || !isset($csr['certificationRequestInfo'])) {
        return false;
    }

    $algorithm = $this->_subArray($csr, 'certificationRequestInfo/subjectPKInfo/algorithm/algorithm');
    $keyIsRaw = $algorithm && !is_object($csr['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey']);

    if ($keyIsRaw && $algorithm == 'rsaEncryption') {
        $pem = $csr['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'];
        $der = base64_decode(preg_replace('#-.+-|[\r\n]#', '', $pem));
        $csr['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'] = base64_encode("\0" . $der);
        $csr['certificationRequestInfo']['subjectPKInfo']['algorithm']['parameters'] = null;
        $csr['signatureAlgorithm']['parameters'] = null;
        // NOTE(review): CertificationRequestInfo has no 'signature' member in
        // PKCS#10; presumably the encoder ignores this key - confirm.
        $csr['certificationRequestInfo']['signature']['parameters'] = null;
    }

    $asn1 = new File_ASN1();
    $asn1->loadOIDs($this->oids);

    $filters = array(
        'certificationRequestInfo' => array(
            'subject' => array(
                'rdnSequence' => array('value' => array('type' => FILE_ASN1_TYPE_UTF8_STRING))
            )
        )
    );
    $asn1->loadFilters($filters);

    $this->_mapOutDNs($csr, 'certificationRequestInfo/subject/rdnSequence', $asn1);
    $this->_mapOutAttributes($csr, 'certificationRequestInfo/attributes', $asn1);
    $encoded = $asn1->encodeDER($csr, $this->CertificationRequest);

    if ($format == FILE_X509_FORMAT_DER) {
        return $encoded;
    }
    return "-----BEGIN CERTIFICATE REQUEST-----\r\n" . chunk_split(base64_encode($encoded), 64) . '-----END CERTIFICATE REQUEST-----';
}
- 3154
- 3155
- 3156
- 3157
- 3158
- 3159
- 3160
- 3161
- 3162
- 3163
- 3164
- 3165
/**
 * Loads a SignedPublicKeyAndChallenge (SPKAC, the <keygen> format).
 *
 * Accepts an already-parsed array (adopted as-is) or the "SPKAC=<base64>"
 * text form; whitespace and backslashes are stripped before base64 decoding.
 * On success the public key (RSA only; otherwise null) and the raw DER of
 * publicKeyAndChallenge are stored for a later signature check.  As with
 * CSRs, the signature is not verified here.
 *
 * @param mixed $spkac array or string
 * @return mixed the parsed SPKAC array, or false
 * @access public
 */
function loadSPKAC($spkac)
{
    if (is_array($spkac) && isset($spkac['publicKeyAndChallenge'])) {
        unset($this->currentCert);
        unset($this->currentKeyIdentifier);
        unset($this->signatureSubject);
        $this->currentCert = $spkac;
        return $spkac;
    }

    // see http://www.w3.org/html/wg/drafts/html/master/forms.html#signedpublickeyandchallenge

    $asn1 = new File_ASN1();

    // OpenSSL produces SPKAC's that are preceeded by the string SPKAC=
    $temp = preg_replace('#(?:SPKAC=)|[ \r\n\\\]#', '', $spkac);
    $temp = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $temp) ? base64_decode($temp) : false;
    // NOTE(review): loose != means a decoded value of "" or "0" is treated as
    // failure, and because $spkac is only replaced on success, the
    // ($spkac === false) guard below cannot fire for string input - an
    // undecodable string falls through to decodeBER() as-is.
    if ($temp != false) {
        $spkac = $temp;
    }
    $orig = $spkac;

    if ($spkac === false) {
        $this->currentCert = false;
        return false;
    }

    $asn1->loadOIDs($this->oids);
    $decoded = $asn1->decodeBER($spkac);

    if (empty($decoded)) {
        $this->currentCert = false;
        return false;
    }

    $spkac = $asn1->asn1map($decoded[0], $this->SignedPublicKeyAndChallenge);

    if (!isset($spkac) || $spkac === false) {
        $this->currentCert = false;
        return false;
    }

    // the exact bytes the signature covers: the first element of the outer SEQUENCE
    $this->signatureSubject = substr($orig, $decoded[0]['content'][0]['start'], $decoded[0]['content'][0]['length']);

    // references: _reformatKey()'s result is written back into the array
    $algorithm = &$spkac['publicKeyAndChallenge']['spki']['algorithm']['algorithm'];
    $key = &$spkac['publicKeyAndChallenge']['spki']['subjectPublicKey'];
    $key = $this->_reformatKey($algorithm, $key);

    switch ($algorithm) {
        case 'rsaEncryption':
            if (!class_exists('Crypt_RSA')) {
                include_once 'Crypt/RSA.php';
            }
            $this->publicKey = new Crypt_RSA();
            $this->publicKey->loadKey($key);
            $this->publicKey->setPublicKey();
            break;
        default:
            // unsupported key algorithm: loads, but without a usable key
            $this->publicKey = null;
    }

    $this->currentKeyIdentifier = null;
    $this->currentCert = $spkac;

    return $spkac;
}
- 3232
- 3233
- 3234
- 3235
- 3236
- 3237
- 3238
- 3239
- 3240
/**
 * Encodes a SPKAC array as DER or as the "SPKAC=<base64>" text form.
 *
 * For an RSA key whose subjectPublicKey is still PEM text, the PEM body is
 * turned into the raw BIT STRING payload (a leading 0x00 "unused bits" octet
 * is prepended).  A subjectPublicKey that is already an ASN.1 element object
 * is left alone.  Note that the text form is emitted on a single line, with
 * no line wrapping.
 *
 * @param array $spkac
 * @param int $format FILE_X509_FORMAT_DER, or anything else for the text form
 * @return string|false false when $spkac is not a SPKAC array
 * @access public
 */
function saveSPKAC($spkac, $format = FILE_X509_FORMAT_PEM)
{
    if (!is_array($spkac) || !isset($spkac['publicKeyAndChallenge'])) {
        return false;
    }

    $algorithm = $this->_subArray($spkac, 'publicKeyAndChallenge/spki/algorithm/algorithm');
    $keyIsRaw = $algorithm && !is_object($spkac['publicKeyAndChallenge']['spki']['subjectPublicKey']);

    if ($keyIsRaw && $algorithm == 'rsaEncryption') {
        $pem = $spkac['publicKeyAndChallenge']['spki']['subjectPublicKey'];
        $der = base64_decode(preg_replace('#-.+-|[\r\n]#', '', $pem));
        $spkac['publicKeyAndChallenge']['spki']['subjectPublicKey'] = base64_encode("\0" . $der);
    }

    $asn1 = new File_ASN1();
    $asn1->loadOIDs($this->oids);
    $encoded = $asn1->encodeDER($spkac, $this->SignedPublicKeyAndChallenge);

    if ($format == FILE_X509_FORMAT_DER) {
        return $encoded;
    }
    return 'SPKAC=' . base64_encode($encoded);
}
- 3275
- 3276
- 3277
- 3278
- 3279
- 3280
- 3281
- 3282
/**
 * Loads a Certificate Revocation List.
 *
 * Accepts an already-parsed array (adopted as-is), or PEM / DER text
 * according to $mode.  CRL extensions and per-entry crlEntryExtensions are
 * mapped into their decoded forms, and the raw DER of tbsCertList is kept
 * for a later signature check.  The CRL's signature is not verified here;
 * validate it against the issuer before acting on the revocation entries.
 *
 * @param mixed $crl array, PEM string or DER string
 * @param int $mode FILE_X509_FORMAT_* selector
 * @return mixed the parsed CRL array, or false
 * @access public
 */
function loadCRL($crl, $mode = FILE_X509_FORMAT_AUTO_DETECT)
{
    if (is_array($crl) && isset($crl['tbsCertList'])) {
        // NOTE(review): unlike loadCSR()/loadSPKAC(), this branch leaves
        // currentKeyIdentifier and publicKey from any earlier load in place.
        $this->currentCert = $crl;
        unset($this->signatureSubject);
        return $crl;
    }

    $asn1 = new File_ASN1();

    if ($mode != FILE_X509_FORMAT_DER) {
        $newcrl = $this->_extractBER($crl);
        // in PEM mode, unchanged input means no PEM armor was found
        // (assumes _extractBER() returns its input untouched in that case)
        if ($mode == FILE_X509_FORMAT_PEM && $crl == $newcrl) {
            return false;
        }
        $crl = $newcrl;
    }
    $orig = $crl;

    if ($crl === false) {
        $this->currentCert = false;
        return false;
    }

    $asn1->loadOIDs($this->oids);
    $decoded = $asn1->decodeBER($crl);

    if (empty($decoded)) {
        $this->currentCert = false;
        return false;
    }

    $crl = $asn1->asn1map($decoded[0], $this->CertificateList);
    if (!isset($crl) || $crl === false) {
        $this->currentCert = false;
        return false;
    }

    // the exact bytes the signature covers: the first element of the outer SEQUENCE
    $this->signatureSubject = substr($orig, $decoded[0]['content'][0]['start'], $decoded[0]['content'][0]['length']);

    $this->_mapInDNs($crl, 'tbsCertList/issuer/rdnSequence', $asn1);
    if ($this->_isSubArrayValid($crl, 'tbsCertList/crlExtensions')) {
        $this->_mapInExtensions($crl, 'tbsCertList/crlExtensions', $asn1);
    }
    if ($this->_isSubArrayValid($crl, 'tbsCertList/revokedCertificates')) {
        // iterate over a copy, write through the reference into $crl
        $rclist_ref = &$this->_subArrayUnchecked($crl, 'tbsCertList/revokedCertificates');
        if ($rclist_ref) {
            $rclist = $crl['tbsCertList']['revokedCertificates'];
            foreach ($rclist as $i => $extension) {
                if ($this->_isSubArrayValid($rclist, "$i/crlEntryExtensions", $asn1)) {
                    $this->_mapInExtensions($rclist_ref, "$i/crlEntryExtensions", $asn1);
                }
            }
        }
    }

    $this->currentKeyIdentifier = null;
    $this->currentCert = $crl;

    return $crl;
}
- 3344
- 3345
- 3346
- 3347
- 3348
- 3349
- 3350
- 3351
- 3352
/**
 * Encodes a CRL array as DER or PEM.
 *
 * Issuer DN values are emitted as UTF8String.  An empty 'parameters' on
 * either AlgorithmIdentifier is encoded as ASN.1 NULL (rather than omitted);
 * a non-empty one is passed through as a string.  CRL extensions and each
 * entry's crlEntryExtensions are mapped back to their encoded forms in place.
 *
 * @param array $crl
 * @param int $format FILE_X509_FORMAT_DER or FILE_X509_FORMAT_PEM (anything else is PEM)
 * @return string|false false when $crl is not a CRL array
 * @access public
 */
function saveCRL($crl, $format = FILE_X509_FORMAT_PEM)
{
    if (!is_array($crl) || !isset($crl['tbsCertList'])) {
        return false;
    }

    $innerParamsType = empty($crl['tbsCertList']['signature']['parameters'])
        ? FILE_ASN1_TYPE_NULL
        : FILE_ASN1_TYPE_UTF8_STRING;
    $outerParamsType = empty($crl['signatureAlgorithm']['parameters'])
        ? FILE_ASN1_TYPE_NULL
        : FILE_ASN1_TYPE_UTF8_STRING;

    $filters = array(
        'tbsCertList' => array(
            'issuer' => array(
                'rdnSequence' => array('value' => array('type' => FILE_ASN1_TYPE_UTF8_STRING))
            ),
            'signature' => array('parameters' => array('type' => $innerParamsType))
        ),
        'signatureAlgorithm' => array('parameters' => array('type' => $outerParamsType))
    );

    $asn1 = new File_ASN1();
    $asn1->loadOIDs($this->oids);
    $asn1->loadFilters($filters);

    $this->_mapOutDNs($crl, 'tbsCertList/issuer/rdnSequence', $asn1);
    $this->_mapOutExtensions($crl, 'tbsCertList/crlExtensions', $asn1);
    // reference into $crl so the per-entry mapping lands in the encoded output
    $rclist = &$this->_subArray($crl, 'tbsCertList/revokedCertificates');
    if (is_array($rclist)) {
        foreach (array_keys($rclist) as $entry) {
            $this->_mapOutExtensions($rclist, "$entry/crlEntryExtensions", $asn1);
        }
    }

    $encoded = $asn1->encodeDER($crl, $this->CertificateList);

    if ($format == FILE_X509_FORMAT_DER) {
        return $encoded;
    }
    return "-----BEGIN X509 CRL-----\r\n" . chunk_split(base64_encode($encoded), 64) . '-----END X509 CRL-----';
}
- 3402
- 3403
- 3404
- 3405
- 3406
- 3407
- 3408
- 3409
- 3410
- 3411
- 3412
- 3413
- 3414
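/**
 * Wraps a date for the Time CHOICE of validity/notBefore and notAfter.
 *
 * RFC 5280 encodes dates through 2049 as UTCTime and 2050 onwards as
 * GeneralizedTime, and the encoded value is the UTC instant.  The year is
 * therefore taken in GMT.  Previously the DateTime branch read the year in
 * whatever zone the input string carried - the DateTimeZone passed to the
 * constructor is ignored when the string has its own offset - so a date such
 * as "2049-12-31 23:00:00 -0500" (already 2050 in UTC) was tagged utcTime,
 * which encodes "50..." and reads back as 1950.  The gmdate() fallback
 * always took the UTC year; the two branches now agree.
 *
 * @param mixed $date date string, or a File_ASN1_Element that is passed through
 * @return mixed array('utcTime' => $date), array('generalTime' => $date), or the element
 * @access private
 */
function _timeField($date)
{
    if (is_object($date) && strtolower(get_class($date)) == 'file_asn1_element') {
        return $date;
    }
    if (class_exists('DateTime')) {
        $dateObj = new DateTime($date, new DateTimeZone('GMT'));
        // normalise to GMT so an explicit offset in $date cannot move the year
        $dateObj->setTimezone(new DateTimeZone('GMT'));
        $year = (int) $dateObj->format('Y');
    } else {
        $year = (int) @gmdate('Y', @strtotime($date));
    }
    return $year < 2050 ? array('utcTime' => $date) : array('generalTime' => $date);
}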
- 3432
- 3433
- 3434
- 3435
- 3436
- 3437
- 3438
- 3439
- 3440
- 3441
- 3442
- 3443
- 3444
- 3445
/**
 * Signs an X.509 certificate.
 *
 * $issuer supplies the private key and issuer DN; $subject supplies the
 * subject DN and public key, and is either a loaded certificate (re-sign:
 * its fields and extensions are carried over, with the listed overrides) or
 * a CSR / bare key (a fresh v3 certificate is built).  A CRL as $subject is
 * rejected.  $this provides startDate, endDate, serialNumber and caFlag.
 *
 * Security notes for CA code built on this:
 *  - The default signature algorithm is sha1WithRSAEncryption.  SHA-1
 *    signatures are no longer accepted by mainstream verifiers; pass a
 *    SHA-2 variant explicitly.
 *  - In the CSR path the requested extensions (pkcs-9-at-extensionRequest)
 *    are copied into the certificate verbatim.  Only AKI, SKI, SAN (and only
 *    when $subject->domains/ipAddresses are set) and the caFlag additions are
 *    overridden afterwards, so a CSR asking for cA=true, keyCertSign, extra
 *    SANs or any other extension gets it unless the caller strips or
 *    replaces those first.
 *  - Nothing here validates the CSR's own signature (proof of possession).
 *
 * @param object $issuer File_X509 with privateKey and dn set
 * @param object $subject File_X509 carrying the loaded cert/CSR and/or publicKey
 * @param string $signatureAlgorithm
 * @return mixed the signed certificate array (for saveX509()), or false
 * @access public
 */
function sign($issuer, $subject, $signatureAlgorithm = 'sha1WithRSAEncryption')
{
    if (!is_object($issuer->privateKey) || empty($issuer->dn)) {
        return false;
    }

    if (isset($subject->publicKey) && !($subjectPublicKey = $subject->_formatSubjectPublicKey())) {
        return false;
    }

    // $this is used as scratch space; the previous state is restored at the end
    $currentCert = isset($this->currentCert) ? $this->currentCert : null;
    $signatureSubject = isset($this->signatureSubject) ? $this->signatureSubject: null;

    if (isset($subject->currentCert) && is_array($subject->currentCert) && isset($subject->currentCert['tbsCertificate'])) {
        // Re-signing an existing certificate: keep everything the subject
        // certificate already has, override what $this/$subject specify.
        $this->currentCert = $subject->currentCert;
        $this->currentCert['tbsCertificate']['signature']['algorithm'] = $signatureAlgorithm;
        $this->currentCert['signatureAlgorithm']['algorithm'] = $signatureAlgorithm;

        if (!empty($this->startDate)) {
            $this->currentCert['tbsCertificate']['validity']['notBefore'] = $this->_timeField($this->startDate);
        }
        if (!empty($this->endDate)) {
            $this->currentCert['tbsCertificate']['validity']['notAfter'] = $this->_timeField($this->endDate);
        }
        if (!empty($this->serialNumber)) {
            $this->currentCert['tbsCertificate']['serialNumber'] = $this->serialNumber;
        }
        if (!empty($subject->dn)) {
            $this->currentCert['tbsCertificate']['subject'] = $subject->dn;
        }
        if (!empty($subject->publicKey)) {
            $this->currentCert['tbsCertificate']['subjectPublicKeyInfo'] = $subjectPublicKey;
        }
        // the old issuer's key identifier must not survive under a new issuer
        $this->removeExtension('id-ce-authorityKeyIdentifier');
        if (isset($subject->domains)) {
            $this->removeExtension('id-ce-subjectAltName');
        }
    } elseif (isset($subject->currentCert) && is_array($subject->currentCert) && isset($subject->currentCert['tbsCertList'])) {
        return false;
    } else {
        // Fresh certificate from a CSR or a bare public key.
        if (!isset($subject->publicKey)) {
            return false;
        }

        // default validity: now .. +1 year, in the process's default timezone
        if (!class_exists('DateTime')) {
            $startDate = !empty($this->startDate) ? $this->startDate : @date('D, d M Y H:i:s O');
            $endDate = !empty($this->endDate) ? $this->endDate : @date('D, d M Y H:i:s O', strtotime('+1 year'));
        } else {
            $startDate = new DateTime('now', new DateTimeZone(@date_default_timezone_get()));
            $startDate = !empty($this->startDate) ? $this->startDate : $startDate->format('D, d M Y H:i:s O');

            $endDate = new DateTime('+1 year', new DateTimeZone(@date_default_timezone_get()));
            $endDate = !empty($this->endDate) ? $this->endDate : $endDate->format('D, d M Y H:i:s O');
        }
        if (!empty($this->serialNumber)) {
            $serialNumber = $this->serialNumber;
        } else {
            if (!function_exists('crypt_random_string')) {
                include_once 'Crypt/Random.php';
            }

            // 20 random octets with the top bit cleared: a positive integer
            // that fits RFC 5280's 20-octet serial number limit
            $serialNumber = new Math_BigInteger(crypt_random_string(20) & ("\x7F" . str_repeat("\xFF", 19)), 256);
        }

        $this->currentCert = array(
            'tbsCertificate' =>
                array(
                    'version' => 'v3',
                    'serialNumber' => $serialNumber,
                    'signature' => array('algorithm' => $signatureAlgorithm),
                    'issuer' => false, // this is going to be overwritten later
                    'validity' => array(
                        'notBefore' => $this->_timeField($startDate), // $this->setStartDate()
                        'notAfter' => $this->_timeField($endDate)   // $this->setEndDate()
                    ),
                    'subject' => $subject->dn,
                    'subjectPublicKeyInfo' => $subjectPublicKey
                ),
            'signatureAlgorithm' => array('algorithm' => $signatureAlgorithm),
            'signature' => false // this is going to be overwritten later
        );

        // Copy extensions requested in the CSR, unfiltered (see header note).
        $csrexts = $subject->getAttribute('pkcs-9-at-extensionRequest', 0);

        if (!empty($csrexts)) {
            $this->currentCert['tbsCertificate']['extensions'] = $csrexts;
        }
    }

    $this->currentCert['tbsCertificate']['issuer'] = $issuer->dn;

    if (isset($issuer->currentKeyIdentifier)) {
        // only the keyIdentifier form of AKI is emitted; issuer name/serial are not
        $this->setExtension('id-ce-authorityKeyIdentifier', array(
            'keyIdentifier' => $issuer->currentKeyIdentifier
        ));
    }

    if (isset($subject->currentKeyIdentifier)) {
        $this->setExtension('id-ce-subjectKeyIdentifier', $subject->currentKeyIdentifier);
    }

    $altName = array();

    if (isset($subject->domains) && count($subject->domains)) {
        $altName = array_map(array('File_X509', '_dnsName'), $subject->domains);
    }

    if (isset($subject->ipAddresses) && count($subject->ipAddresses)) {
        // addresses that fail to encode are dropped silently
        $ipAddresses = array();
        foreach ($subject->ipAddresses as $ipAddress) {
            $encoded = $subject->_ipAddress($ipAddress);
            if ($encoded !== false) {
                $ipAddresses[] = $encoded;
            }
        }
        if (count($ipAddresses)) {
            $altName = array_merge($altName, $ipAddresses);
        }
    }

    if (!empty($altName)) {
        $this->setExtension('id-ce-subjectAltName', $altName);
    }

    if ($this->caFlag) {
        // force the CA bits on, keeping whatever keyUsage was already present
        $keyUsage = $this->getExtension('id-ce-keyUsage');
        if (!$keyUsage) {
            $keyUsage = array();
        }

        $this->setExtension(
            'id-ce-keyUsage',
            array_values(array_unique(array_merge($keyUsage, array('cRLSign', 'keyCertSign'))))
        );

        $basicConstraints = $this->getExtension('id-ce-basicConstraints');
        if (!$basicConstraints) {
            $basicConstraints = array();
        }

        // NOTE(review): array_merge() lets a 'cA' key already present in
        // $basicConstraints (e.g. cA => false from a CSR) override the forced
        // true, and array_unique() compares values as strings, so a
        // pathLenConstraint of 1 collides with cA => true ("1") and is dropped.
        // Confirm whether either is intended.
        $this->setExtension(
            'id-ce-basicConstraints',
            array_unique(array_merge(array('cA' => true), $basicConstraints)),
            true
        );

        if (!isset($subject->currentKeyIdentifier)) {
            $this->setExtension('id-ce-subjectKeyIdentifier', base64_encode($this->computeKeyIdentifier($this->currentCert)), false, false);
        }
    }

    // Round-trip through DER so the tbsCertificate bytes being signed are
    // exactly what the encoder produces; the unencoded array is returned.
    $tbsCertificate = $this->currentCert['tbsCertificate'];
    $this->loadX509($this->saveX509($this->currentCert));

    $result = $this->_sign($issuer->privateKey, $signatureAlgorithm);
    $result['tbsCertificate'] = $tbsCertificate;

    $this->currentCert = $currentCert;
    $this->signatureSubject = $signatureSubject;

    return $result;
}
- 3629
- 3630
- 3631
- 3632
- 3633
- 3634
- 3635
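/**
 * Sign a CSR with the object's own private key
 *
 * The subjectPKInfo is always derived from $this->privateKey (a temporary
 * public-key object of the same class is built from it), so the resulting
 * CSR can never carry a public key that does not match the signing key.
 *
 * Fixes:
 *  - the temporary public-key object used to be left in $this->publicKey when
 *    _formatSubjectPublicKey() failed (e.g. a non-Crypt_RSA key); it is now
 *    restored on every path.
 *  - when _sign() fails (unsupported key class or algorithm) the method now
 *    returns false instead of an array that has no 'signature' element.
 *
 * NOTE(review): the default is sha1WithRSAEncryption. SHA-1 is deprecated for
 * signatures; callers should pass e.g. 'sha256WithRSAEncryption'.
 *
 * @param string $signatureAlgorithm optional
 * @return mixed signed CSR array, or false on failure
 * @access public
 */
function signCSR($signatureAlgorithm = 'sha1WithRSAEncryption')
{
    if (!is_object($this->privateKey) || empty($this->dn)) {
        return false;
    }

    // _formatSubjectPublicKey() reads $this->publicKey, so temporarily swap in
    // a public-key object derived from the private key.
    $origPublicKey = $this->publicKey;
    $class = get_class($this->privateKey);
    $this->publicKey = new $class();
    $this->publicKey->loadKey($this->privateKey->getPublicKey());
    $this->publicKey->setPublicKey();
    $publicKey = $this->_formatSubjectPublicKey();
    // restore unconditionally - the failure path previously left the temporary object behind
    $this->publicKey = $origPublicKey;
    if (!$publicKey) {
        return false;
    }

    $currentCert = isset($this->currentCert) ? $this->currentCert : null;
    $signatureSubject = isset($this->signatureSubject) ? $this->signatureSubject: null;

    if (isset($this->currentCert) && is_array($this->currentCert) && isset($this->currentCert['certificationRequestInfo'])) {
        // re-signing an existing CSR: keep its attributes, refresh algorithm,
        // subject and key ($this->dn is known to be non-empty from the guard above)
        $this->currentCert['signatureAlgorithm']['algorithm'] = $signatureAlgorithm;
        $this->currentCert['certificationRequestInfo']['subject'] = $this->dn;
        $this->currentCert['certificationRequestInfo']['subjectPKInfo'] = $publicKey;
    } else {
        $this->currentCert = array(
            'certificationRequestInfo' =>
                array(
                    'version' => 'v1',
                    'subject' => $this->dn,
                    'subjectPKInfo' => $publicKey
                ),
            'signatureAlgorithm' => array('algorithm' => $signatureAlgorithm),
            'signature' => false
        );
    }

    // Round-trip through save/load before signing; presumably loadCSR() sets
    // $this->signatureSubject to the DER of certificationRequestInfo, which is
    // what _sign() signs - confirm against loadCSR().
    $certificationRequestInfo = $this->currentCert['certificationRequestInfo'];
    $this->loadCSR($this->saveCSR($this->currentCert));

    $result = $this->_sign($this->privateKey, $signatureAlgorithm);

    // restore the object's state before deciding what to return
    $this->currentCert = $currentCert;
    $this->signatureSubject = $signatureSubject;

    if ($result === false) {
        return false;
    }

    $result['certificationRequestInfo'] = $certificationRequestInfo;

    return $result;
}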
- 3687
- 3688
- 3689
- 3690
- 3691
- 3692
- 3693
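/**
 * Sign an SPKAC (Netscape/HTML <keygen> style signed public key and challenge)
 *
 * The spki is always derived from $this->privateKey. The challenge, when set,
 * is masked to 7 bits so it encodes as a valid IA5String.
 *
 * Fixes:
 *  - the temporary public-key object used to remain in $this->publicKey when
 *    _formatSubjectPublicKey() failed; it is now restored on every path.
 *  - the IA5String masking was only applied when updating an existing SPKAC;
 *    a freshly built SPKAC stored the challenge unmasked. Both paths now mask.
 *  - when _sign() fails the method returns false instead of an array without
 *    a 'signature' element.
 *
 * NOTE(review): default algorithm is sha1WithRSAEncryption; SHA-1 is
 * deprecated for signatures, prefer 'sha256WithRSAEncryption'.
 *
 * @param string $signatureAlgorithm optional
 * @return mixed signed SPKAC array, or false on failure
 * @access public
 */
function signSPKAC($signatureAlgorithm = 'sha1WithRSAEncryption')
{
    if (!is_object($this->privateKey)) {
        return false;
    }

    // _formatSubjectPublicKey() reads $this->publicKey; swap in a public key
    // derived from the private key and always restore the original afterwards.
    $origPublicKey = $this->publicKey;
    $class = get_class($this->privateKey);
    $this->publicKey = new $class();
    $this->publicKey->loadKey($this->privateKey->getPublicKey());
    $this->publicKey->setPublicKey();
    $publicKey = $this->_formatSubjectPublicKey();
    $this->publicKey = $origPublicKey;
    if (!$publicKey) {
        return false;
    }

    $currentCert = isset($this->currentCert) ? $this->currentCert : null;
    $signatureSubject = isset($this->signatureSubject) ? $this->signatureSubject: null;

    // Clear the high bit of every byte so the challenge is a valid IA5String.
    // An unset challenge defaults to the empty string.
    $challenge = '';
    if (!empty($this->challenge)) {
        $challenge = $this->challenge & str_repeat("\x7F", strlen($this->challenge));
    }

    if (isset($this->currentCert) && is_array($this->currentCert) && isset($this->currentCert['publicKeyAndChallenge'])) {
        $this->currentCert['signatureAlgorithm']['algorithm'] = $signatureAlgorithm;
        $this->currentCert['publicKeyAndChallenge']['spki'] = $publicKey;
        // an existing challenge is only overwritten when the caller supplied one
        if (!empty($this->challenge)) {
            $this->currentCert['publicKeyAndChallenge']['challenge'] = $challenge;
        }
    } else {
        $this->currentCert = array(
            'publicKeyAndChallenge' =>
                array(
                    'spki' => $publicKey,
                    'challenge' => $challenge
                ),
            'signatureAlgorithm' => array('algorithm' => $signatureAlgorithm),
            'signature' => false
        );
    }

    // save/load round trip before signing; presumably loadSPKAC() populates
    // $this->signatureSubject for _sign() - confirm against loadSPKAC()
    $publicKeyAndChallenge = $this->currentCert['publicKeyAndChallenge'];
    $this->loadSPKAC($this->saveSPKAC($this->currentCert));

    $result = $this->_sign($this->privateKey, $signatureAlgorithm);

    $this->currentCert = $currentCert;
    $this->signatureSubject = $signatureSubject;

    if ($result === false) {
        return false;
    }

    $result['publicKeyAndChallenge'] = $publicKeyAndChallenge;

    return $result;
}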
- 3752
- 3753
- 3754
- 3755
- 3756
- 3757
- 3758
- 3759
- 3760
- 3761
- 3762
- 3763
/**
 * Sign a CRL
 *
 * $issuer supplies the issuer DN, the private key and (optionally) the key
 * identifier and subjectAltName that are copied into the CRL; $crl supplies an
 * existing tbsCertList to update (revoked entries, extensions), otherwise a
 * fresh v2 CRL is built. Issuer-derived extensions (authorityKeyIdentifier,
 * issuerAltName) are always dropped and re-derived from $issuer.
 *
 * State handling: $this->currentCert / $this->signatureSubject are temporarily
 * replaced during signing and restored before returning.
 *
 * NOTE(review): the default algorithm is sha1WithRSAEncryption; SHA-1 is
 * deprecated for signatures, prefer 'sha256WithRSAEncryption'.
 * NOTE(review): when no end date is set nextUpdate is omitted; RFC 5280 5.1.2.5
 * requires conforming CRL issuers to include nextUpdate.
 * NOTE(review): if _sign() returns false the result array is still built around
 * it and lacks a 'signature' element - callers should check for that.
 *
 * @param File_X509 $issuer
 * @param File_X509 $crl
 * @param string $signatureAlgorithm optional
 * @return mixed signed CRL array, or false when $issuer has no private key / DN
 * @access public
 */
function signCRL($issuer, $crl, $signatureAlgorithm = 'sha1WithRSAEncryption')
{
    if (!is_object($issuer->privateKey) || empty($issuer->dn)) {
        return false;
    }

    $currentCert = isset($this->currentCert) ? $this->currentCert : null;
    $signatureSubject = isset($this->signatureSubject) ? $this->signatureSubject : null;
    // thisUpdate: caller-supplied start date if any, otherwise "now" in the default timezone
    if (!class_exists('DateTime')) {
        $thisUpdate = !empty($this->startDate) ? $this->startDate : @date('D, d M Y H:i:s O');
    } else {
        $thisUpdate = new DateTime('now', new DateTimeZone(@date_default_timezone_get()));
        $thisUpdate = !empty($this->startDate) ? $this->startDate : $thisUpdate->format('D, d M Y H:i:s O');
    }

    if (isset($crl->currentCert) && is_array($crl->currentCert) && isset($crl->currentCert['tbsCertList'])) {
        // update an existing CRL: keep its revoked list and extensions
        $this->currentCert = $crl->currentCert;
        $this->currentCert['tbsCertList']['signature']['algorithm'] = $signatureAlgorithm;
        $this->currentCert['signatureAlgorithm']['algorithm'] = $signatureAlgorithm;
    } else {
        $this->currentCert = array(
            'tbsCertList' =>
                array(
                    'version' => 'v2',
                    'signature' => array('algorithm' => $signatureAlgorithm),
                    'issuer' => false,
                    'thisUpdate' => $this->_timeField($thisUpdate)
                ),
            'signatureAlgorithm' => array('algorithm' => $signatureAlgorithm),
            'signature' => false
        );
    }

    // reference into $this->currentCert; the get/set/removeExtension calls
    // below operate on the same array through $this->currentCert
    $tbsCertList = &$this->currentCert['tbsCertList'];
    $tbsCertList['issuer'] = $issuer->dn;
    $tbsCertList['thisUpdate'] = $this->_timeField($thisUpdate);

    if (!empty($this->endDate)) {
        $tbsCertList['nextUpdate'] = $this->_timeField($this->endDate);
    } else {
        unset($tbsCertList['nextUpdate']);
    }

    // cRLNumber: explicit serial number wins, otherwise bump the existing
    // extension's value by one; a CRL with neither gets no cRLNumber
    if (!empty($this->serialNumber)) {
        $crlNumber = $this->serialNumber;
    } else {
        $crlNumber = $this->getExtension('id-ce-cRLNumber');
        // assumes the mapped cRLNumber value is a Math_BigInteger - TODO confirm against the ASN.1 map
        $crlNumber = $crlNumber !== false ? $crlNumber->add(new Math_BigInteger(1)) : null;
    }

    // strip stale issuer-derived extensions; they are re-derived from $issuer below
    $this->removeExtension('id-ce-authorityKeyIdentifier');
    $this->removeExtension('id-ce-issuerAltName');

    // a CRL without a version is v1; extensions anywhere force v2 (stored as 1)
    $version = isset($tbsCertList['version']) ? $tbsCertList['version'] : 0;
    if (!$version) {
        if (!empty($tbsCertList['crlExtensions'])) {
            $version = 1;
        } elseif (!empty($tbsCertList['revokedCertificates'])) {
            foreach ($tbsCertList['revokedCertificates'] as $cert) {
                if (!empty($cert['crlEntryExtensions'])) {
                    $version = 1;
                }
            }
        }

        if ($version) {
            $tbsCertList['version'] = $version;
        }
    }

    // only a v2 CRL may carry extensions
    if (!empty($tbsCertList['version'])) {
        if (!empty($crlNumber)) {
            $this->setExtension('id-ce-cRLNumber', $crlNumber);
        }

        if (isset($issuer->currentKeyIdentifier)) {
            $this->setExtension('id-ce-authorityKeyIdentifier', array(
                'keyIdentifier' => $issuer->currentKeyIdentifier
            ));
        }

        // the issuer's subjectAltName becomes the CRL's issuerAltName
        $issuerAltName = $this->getExtension('id-ce-subjectAltName', $issuer->currentCert);

        if ($issuerAltName !== false) {
            $this->setExtension('id-ce-issuerAltName', $issuerAltName);
        }
    }

    if (empty($tbsCertList['revokedCertificates'])) {
        unset($tbsCertList['revokedCertificates']);
    }

    // break the reference before reusing the variable name as a plain copy
    unset($tbsCertList);

    // save/load round trip before signing; presumably loadCRL() populates
    // $this->signatureSubject for _sign() - confirm against loadCRL()
    $tbsCertList = $this->currentCert['tbsCertList'];
    $this->loadCRL($this->saveCRL($this->currentCert));

    $result = $this->_sign($issuer->privateKey, $signatureAlgorithm);
    $result['tbsCertList'] = $tbsCertList;

    $this->currentCert = $currentCert;
    $this->signatureSubject = $signatureSubject;

    return $result;
}
- 3888
- 3889
- 3890
- 3891
- 3892
- 3893
- 3894
- 3895
- 3896
- 3897
/**
 * Sign $this->signatureSubject with $key and store the result in $this->currentCert
 *
 * Only Crypt_RSA keys and the *WithRSAEncryption (PKCS#1 v1.5) algorithm names
 * listed below are supported; anything else yields false. The leading NUL
 * byte is the "unused bits" octet of the BIT STRING the signature is encoded as.
 *
 * NOTE(review): md2/md5/sha1WithRSAEncryption are accepted for compatibility
 * only; MD2/MD5 are broken and SHA-1 is deprecated for signatures. Use a
 * SHA-2 variant when producing new certificates, CSRs or CRLs.
 *
 * @param object $key
 * @param string $signatureAlgorithm
 * @return mixed $this->currentCert with 'signature' filled in, or false
 * @access private
 */
function _sign($key, $signatureAlgorithm)
{
    if (strtolower(get_class($key)) != 'crypt_rsa') {
        return false;
    }

    $rsaAlgorithms = array(
        'md2WithRSAEncryption',
        'md5WithRSAEncryption',
        'sha1WithRSAEncryption',
        'sha224WithRSAEncryption',
        'sha256WithRSAEncryption',
        'sha384WithRSAEncryption',
        'sha512WithRSAEncryption'
    );
    // loose membership test mirrors switch() comparison semantics
    if (!in_array($signatureAlgorithm, $rsaAlgorithms)) {
        return false;
    }

    // 'sha256WithRSAEncryption' -> 'sha256'
    $hashName = preg_replace('#WithRSAEncryption$#', '', $signatureAlgorithm);
    $key->setHash($hashName);
    $key->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);

    $signature = $key->sign($this->signatureSubject);
    $this->currentCert['signature'] = base64_encode("\0" . $signature);

    return $this->currentCert;
}
- 3920
- 3921
- 3922
- 3923
- 3924
- 3925
- 3926
/**
 * Set the notBefore date used by the next sign() / signCRL() call
 *
 * The date is normalised to 'D, d M Y H:i:s O' in the process default
 * timezone. Any string DateTime/strtotime() understands is accepted.
 *
 * @param string $date
 * @access public
 */
function setStartDate($date)
{
    $format = 'D, d M Y H:i:s O';

    if (!class_exists('DateTime')) {
        $this->startDate = @date($format, @strtotime($date));
        return;
    }

    $parsed = new DateTime($date, new DateTimeZone(@date_default_timezone_get()));
    $this->startDate = $parsed->format($format);
}
- 3936
- 3937
- 3938
- 3939
- 3940
- 3941
- 3942
/**
 * Set the notAfter date used by the next sign() / signCRL() call
 *
 * The special value 'lifetime' (case-insensitive) stores a pre-encoded
 * GeneralizedTime of 99991231235959Z, the RFC 5280 4.1.2.5 sentinel for a
 * certificate with no well-defined expiration. Anything else is parsed like
 * setStartDate() and stored as a 'D, d M Y H:i:s O' string.
 *
 * @param string $date
 * @access public
 */
function setEndDate($date)
{
    if (strtolower($date) != 'lifetime') {
        $format = 'D, d M Y H:i:s O';
        if (class_exists('DateTime')) {
            $parsed = new DateTime($date, new DateTimeZone(@date_default_timezone_get()));
            $this->endDate = $parsed->format($format);
        } else {
            $this->endDate = @date($format, @strtotime($date));
        }
        return;
    }

    // hand-build the GeneralizedTime TLV so the encoder emits it verbatim
    $sentinel = '99991231235959Z';
    $asn1 = new File_ASN1();
    $der = chr(FILE_ASN1_TYPE_GENERALIZED_TIME) . $asn1->_encodeLength(strlen($sentinel)) . $sentinel;
    $this->endDate = new File_ASN1_Element($der);
}
- 3966
- 3967
- 3968
- 3969
- 3970
- 3971
- 3972
- 3973
/**
 * Set the serial number (certificates) / cRLNumber (CRLs) for the next signing call
 *
 * $base is passed straight to Math_BigInteger; the default -256 presumably
 * selects a big-endian two's-complement byte string - confirm against
 * Math_BigInteger's constructor.
 *
 * NOTE(review): RFC 5280 4.1.2.2 requires serial numbers to be positive and at
 * most 20 octets, and public CAs must use at least 64 bits of CSPRNG output.
 * Nothing here enforces that; callers are responsible.
 *
 * @param string $serial
 * @param int $base optional
 * @access public
 */
function setSerialNumber($serial, $base = -256)
{
    $serialNumber = new Math_BigInteger($serial, $base);
    $this->serialNumber = $serialNumber;
}
- 3978
- 3979
- 3980
- 3981
- 3982
- 3983
/**
 * Flag the certificate produced by the next sign() call as a CA
 *
 * When $this->caFlag is set, sign() merges cRLSign and keyCertSign into
 * keyUsage, sets basicConstraints cA=TRUE as a critical extension and, if the
 * subject has no key identifier, computes a subjectKeyIdentifier itself.
 *
 * @access public
 */
function makeCA()
{
    $this->caFlag = true;
}
- 3988
- 3989
- 3990
- 3991
- 3992
- 3993
- 3994
- 3995
- 3996
- 3997
- 3998
- 3999
- 4000
/**
 * Check whether a slash-separated path can be walked or created in $root
 *
 * Returns true as soon as a path element is missing (it could be created),
 * false when a non-array is encountered where the path needs to descend
 * further, and true when the whole path exists.
 *
 * @param array $root
 * @param string $path
 * @return bool
 * @access private
 */
function _isSubArrayValid($root, $path)
{
    if (!is_array($root)) {
        return false;
    }

    $node = $root;
    $segments = explode('/', $path);

    foreach ($segments as $segment) {
        if (!is_array($node)) {
            return false;
        }

        // a missing element is fine: it can still be created
        if (!isset($node[$segment])) {
            return true;
        }

        $node = $node[$segment];
    }

    return true;
}
- 4021
- 4022
- 4023
- 4024
- 4025
- 4026
- 4027
- 4028
- 4029
- 4030
- 4031
- 4032
- 4033
- 4034
- 4035
- 4036
- 4037
/**
 * Walk (and optionally create) a slash-separated path in $root, returning a reference
 *
 * Unlike _subArray() no is_array() checks are performed on the way down, so
 * the caller must already know the structure is array-shaped. A missing
 * element yields false unless $create is set, in which case it is created
 * as an empty array.
 *
 * @param array $root
 * @param string $path
 * @param bool $create optional
 * @return array|false item ref or false
 * @access private
 */
function &_subArrayUnchecked(&$root, $path, $create = false)
{
    $false = false;
    $node = &$root;

    foreach (explode('/', $path) as $segment) {
        if (!isset($node[$segment])) {
            if (!$create) {
                return $false;
            }
            $node[$segment] = array();
        }

        $node = &$node[$segment];
    }

    return $node;
}
- 4056
- 4057
- 4058
- 4059
- 4060
- 4061
- 4062
- 4063
- 4064
- 4065
/**
 * Walk (and optionally create) a slash-separated path in $root, returning a reference
 *
 * Every level must be an array; otherwise false is returned. A missing
 * element (or one set to null, since isset() is used) yields false unless
 * $create is set, in which case an empty array is put in its place.
 *
 * @param array $root
 * @param string $path
 * @param bool $create optional
 * @return array|false item ref or false
 * @access private
 */
function &_subArray(&$root, $path, $create = false)
{
    $false = false;

    if (!is_array($root)) {
        return $false;
    }

    $node = &$root;
    $segments = explode('/', $path);

    foreach ($segments as $segment) {
        if (!is_array($node)) {
            return $false;
        }

        if (!isset($node[$segment])) {
            if (!$create) {
                return $false;
            }
            $node[$segment] = array();
        }

        $node = &$node[$segment];
    }

    return $node;
}
- 4092
- 4093
- 4094
- 4095
- 4096
- 4097
- 4098
- 4099
- 4100
- 4101
/**
 * Locate (and optionally create) the extensions list inside a cert / CRL / CSR
 *
 * With an explicit $path that path is used as-is. Otherwise the container
 * type decides: certificates use tbsCertificate/extensions, CRLs use
 * tbsCertList/crlExtensions, and CSRs use the first value of the
 * pkcs-9-at-extensionRequest attribute (which is appended when $create is set
 * and absent).
 *
 * $root defaults to $this->currentCert when null; because $root is a
 * reference, the caller's variable is assigned in that case.
 *
 * NOTE(review): for an array that is none of the three known containers and
 * no $path, _subArray() is called with a null path; with $create that
 * creates an entry under the empty-string key - confirm this is intended.
 *
 * @param array $root
 * @param string $path optional absolute path
 * @param bool $create optional
 * @return array|false reference to the extensions list, or false
 * @access private
 */
function &_extensions(&$root, $path = null, $create = false)
{
    if (!isset($root)) {
        $root = $this->currentCert;
    }

    switch (true) {
        case !empty($path):
        case !is_array($root):
            break;
        case isset($root['tbsCertificate']):
            $path = 'tbsCertificate/extensions';
            break;
        case isset($root['tbsCertList']):
            $path = 'tbsCertList/crlExtensions';
            break;
        case isset($root['certificationRequestInfo']):
            // CSR extensions live in the extensionRequest attribute's first value
            $pth = 'certificationRequestInfo/attributes';
            $attributes = &$this->_subArray($root, $pth, $create);

            if (is_array($attributes)) {
                foreach ($attributes as $key => $value) {
                    if ($value['type'] == 'pkcs-9-at-extensionRequest') {
                        $path = "$pth/$key/value/0";
                        break 2;
                    }
                }
                if ($create) {
                    // no extensionRequest attribute yet: append an empty one
                    $key = count($attributes);
                    $attributes[] = array('type' => 'pkcs-9-at-extensionRequest', 'value' => array());
                    $path = "$pth/$key/value/0";
                }
            }
            break;
    }

    $extensions = &$this->_subArray($root, $path, $create);

    if (!is_array($extensions)) {
        $false = false;
        return $false;
    }

    return $extensions;
}
- 4147
- 4148
- 4149
- 4150
- 4151
- 4152
- 4153
- 4154
- 4155
/**
 * Remove every extension with the given id from $this->currentCert
 *
 * Operates on the list located by _extensions() for $path (or the default
 * location for the current container). The list is reindexed afterwards.
 * The id comparison is loose (==), as in the rest of the extension helpers.
 *
 * @param string $id
 * @param string $path optional
 * @return bool true if at least one extension was removed
 * @access private
 */
function _removeExtension($id, $path = null)
{
    $extensions = &$this->_extensions($this->currentCert, $path);

    if (!is_array($extensions)) {
        return false;
    }

    $kept = array();
    $removed = false;

    foreach ($extensions as $extension) {
        if ($extension['extnId'] == $id) {
            $removed = true;
            continue;
        }
        $kept[] = $extension;
    }

    // assignment goes through the reference into $this->currentCert
    $extensions = $kept;

    if (!isset($extensions[0])) {
        $extensions = array();
    }

    return $removed;
}
- 4179
- 4180
- 4181
- 4182
- 4183
- 4184
- 4185
- 4186
- 4187
- 4188
- 4189
- 4190
/**
 * Fetch the value of the first extension whose id matches
 *
 * $cert defaults to $this->currentCert; $path overrides the container's
 * default extensions location. The id comparison is loose (==).
 *
 * @param string $id
 * @param array $cert optional
 * @param string $path optional
 * @return mixed the extnValue, or false if absent
 * @access private
 */
function _getExtension($id, $cert = null, $path = null)
{
    $extensions = $this->_extensions($cert, $path);

    if (!is_array($extensions)) {
        return false;
    }

    $found = false;
    foreach ($extensions as $extension) {
        if ($extension['extnId'] == $id) {
            $found = $extension['extnValue'];
            break;
        }
    }

    return $found;
}
- 4207
- 4208
- 4209
- 4210
- 4211
- 4212
- 4213
- 4214
- 4215
/**
 * List the ids of all extensions present
 *
 * @param array $cert optional defaults to $this->currentCert
 * @param string $path optional
 * @return array extension ids, empty when there are none
 * @access private
 */
function _getExtensions($cert = null, $path = null)
{
    $exts = $this->_extensions($cert, $path);

    if (!is_array($exts)) {
        return array();
    }

    $ids = array();
    foreach ($exts as $extension) {
        $ids[] = $extension['extnId'];
    }

    return $ids;
}
- 4229
- 4230
- 4231
- 4232
- 4233
- 4234
- 4235
- 4236
- 4237
- 4238
- 4239
- 4240
/**
 * Set (add or replace) an extension in $this->currentCert
 *
 * The extensions list is created if missing. When an extension with the same
 * id already exists it is overwritten unless $replace is false, in which case
 * nothing changes and false is returned. The id comparison is loose (==).
 *
 * @param string $id
 * @param mixed $value
 * @param bool $critical optional
 * @param bool $replace optional
 * @param string $path optional
 * @return bool
 * @access private
 */
function _setExtension($id, $value, $critical = false, $replace = true, $path = null)
{
    $extensions = &$this->_extensions($this->currentCert, $path, true);

    if (!is_array($extensions)) {
        return false;
    }

    $entry = array('extnId' => $id, 'critical' => $critical, 'extnValue' => $value);

    foreach (array_keys($extensions) as $idx) {
        if ($extensions[$idx]['extnId'] != $id) {
            continue;
        }
        if (!$replace) {
            return false;
        }
        $extensions[$idx] = $entry;
        return true;
    }

    $extensions[] = $entry;
    return true;
}
- 4265
- 4266
- 4267
- 4268
- 4269
- 4270
- 4271
- 4272
/**
 * Remove an extension from $this->currentCert
 *
 * Public wrapper around _removeExtension() using the container's default
 * extensions location.
 *
 * @param string $id
 * @return bool
 * @access public
 */
function removeExtension($id)
{
    $removed = $this->_removeExtension($id);
    return $removed;
}
- 4277
- 4278
- 4279
- 4280
- 4281
- 4282
- 4283
- 4284
- 4285
- 4286
- 4287
/**
 * Get an extension's value
 *
 * Public wrapper around _getExtension(); $cert defaults to $this->currentCert.
 *
 * @param string $id
 * @param array $cert optional
 * @return mixed extnValue, or false if absent
 * @access public
 */
function getExtension($id, $cert = null)
{
    $value = $this->_getExtension($id, $cert);
    return $value;
}
- 4292
- 4293
- 4294
- 4295
- 4296
- 4297
- 4298
- 4299
/**
 * List all extension ids
 *
 * Public wrapper around _getExtensions(); $cert defaults to $this->currentCert.
 *
 * @param array $cert optional
 * @return array
 * @access public
 */
function getExtensions($cert = null)
{
    $ids = $this->_getExtensions($cert);
    return $ids;
}
- 4304
- 4305
- 4306
- 4307
- 4308
- 4309
- 4310
- 4311
- 4312
- 4313
- 4314
/**
 * Set an extension on $this->currentCert
 *
 * Public wrapper around _setExtension() using the container's default
 * extensions location.
 *
 * @param string $id
 * @param mixed $value
 * @param bool $critical optional
 * @param bool $replace optional
 * @return bool
 * @access public
 */
function setExtension($id, $value, $critical = false, $replace = true)
{
    $ok = $this->_setExtension($id, $value, $critical, $replace);
    return $ok;
}
- 4319
- 4320
- 4321
- 4322
- 4323
- 4324
- 4325
- 4326
- 4327
/**
 * Remove a CSR attribute, or one of its values, from $this->currentCert
 *
 * $disposition selects what to drop:
 *  - FILE_X509_ATTR_ALL: every attribute whose type is $id
 *  - a non-negative index: the N-th value of that type, counted across all
 *    attributes of that type in order ($disposition is reduced by each
 *    attribute's value count until it falls inside one); when that attribute
 *    holds a single value the whole attribute is removed
 *  - FILE_X509_ATTR_APPEND / FILE_X509_ATTR_REPLACE: not meaningful here,
 *    returns false
 *
 * @param string $id
 * @param int $disposition optional
 * @return bool true if anything was removed
 * @access public
 */
function removeAttribute($id, $disposition = FILE_X509_ATTR_ALL)
{
    $attributes = &$this->_subArray($this->currentCert, 'certificationRequestInfo/attributes');

    if (!is_array($attributes)) {
        return false;
    }

    $result = false;
    foreach ($attributes as $key => $attribute) {
        if ($attribute['type'] == $id) {
            $n = count($attribute['value']);
            switch (true) {
                case $disposition == FILE_X509_ATTR_APPEND:
                case $disposition == FILE_X509_ATTR_REPLACE:
                    return false;
                case $disposition >= $n:
                    // index lies in a later attribute of the same type
                    $disposition -= $n;
                    break;
                case $disposition == FILE_X509_ATTR_ALL:
                case $n == 1:
                    unset($attributes[$key]);
                    $result = true;
                    break;
                default:
                    unset($attributes[$key]['value'][$disposition]);
                    $attributes[$key]['value'] = array_values($attributes[$key]['value']);
                    $result = true;
                    break;
            }
            // a single indexed removal is done; ALL keeps scanning
            if ($result && $disposition != FILE_X509_ATTR_ALL) {
                break;
            }
        }
    }

    // reindex so the attribute list stays a proper sequence after unset()
    $attributes = array_values($attributes);
    return $result;
}
- 4367
- 4368
- 4369
- 4370
- 4371
- 4372
- 4373
- 4374
- 4375
- 4376
- 4377
- 4378
/**
 * Get a CSR attribute's values, or one of them
 *
 * $disposition selects what is returned:
 *  - FILE_X509_ATTR_ALL: the value list of the first attribute of type $id
 *    (values of further attributes of the same type are not merged in)
 *  - a non-negative index: the N-th value of that type, counted across all
 *    attributes of that type in order
 *  - FILE_X509_ATTR_APPEND / FILE_X509_ATTR_REPLACE: not meaningful here,
 *    returns false
 *
 * @param string $id
 * @param int $disposition optional
 * @param array $csr optional defaults to $this->currentCert
 * @return mixed the value(s), or false if not present
 * @access public
 */
function getAttribute($id, $disposition = FILE_X509_ATTR_ALL, $csr = null)
{
    if (empty($csr)) {
        $csr = $this->currentCert;
    }

    $attributes = $this->_subArray($csr, 'certificationRequestInfo/attributes');

    if (!is_array($attributes)) {
        return false;
    }

    foreach ($attributes as $key => $attribute) {
        if ($attribute['type'] == $id) {
            $n = count($attribute['value']);
            switch (true) {
                case $disposition == FILE_X509_ATTR_APPEND:
                case $disposition == FILE_X509_ATTR_REPLACE:
                    return false;
                case $disposition == FILE_X509_ATTR_ALL:
                    return $attribute['value'];
                case $disposition >= $n:
                    // index lies in a later attribute of the same type
                    $disposition -= $n;
                    break;
                default:
                    return $attribute['value'][$disposition];
            }
        }
    }

    return false;
}
- 4411
- 4412
- 4413
- 4414
- 4415
- 4416
- 4417
- 4418
/**
 * List the types of all attributes in a CSR
 *
 * @param array $csr optional defaults to $this->currentCert
 * @return array attribute type names, empty when there are none
 * @access public
 */
function getAttributes($csr = null)
{
    if (empty($csr)) {
        $csr = $this->currentCert;
    }

    $attributes = $this->_subArray($csr, 'certificationRequestInfo/attributes');

    if (!is_array($attributes)) {
        return array();
    }

    $types = array();
    foreach ($attributes as $attribute) {
        $types[] = $attribute['type'];
    }

    return $types;
}
- 4436
- 4437
- 4438
- 4439
- 4440
- 4441
- 4442
- 4443
- 4444
- 4445
/**
 * Set a CSR attribute, or one of its values, on $this->currentCert
 *
 * $disposition selects the operation:
 *  - FILE_X509_ATTR_ALL: remove every attribute of type $id and add one whose
 *    value list is $value as given (so $value must already be a list)
 *  - FILE_X509_ATTR_REPLACE: remove every attribute of type $id and add one
 *    holding the single value $value
 *  - FILE_X509_ATTR_APPEND: append $value to the last existing attribute of
 *    type $id, or create a single-valued one
 *  - a non-negative index: overwrite the N-th value of that type, counted
 *    across all attributes of that type; an index past the end returns false
 *
 * The attributes list is created if missing.
 *
 * @param string $id
 * @param mixed $value
 * @param int $disposition optional
 * @return bool
 * @access public
 */
function setAttribute($id, $value, $disposition = FILE_X509_ATTR_ALL)
{
    $attributes = &$this->_subArray($this->currentCert, 'certificationRequestInfo/attributes', true);

    if (!is_array($attributes)) {
        return false;
    }

    // REPLACE falls through: wipe existing attributes, then behave like APPEND
    switch ($disposition) {
        case FILE_X509_ATTR_REPLACE:
            $disposition = FILE_X509_ATTR_APPEND;
        case FILE_X509_ATTR_ALL:
            $this->removeAttribute($id);
            break;
    }

    foreach ($attributes as $key => $attribute) {
        if ($attribute['type'] == $id) {
            $n = count($attribute['value']);
            switch (true) {
                case $disposition == FILE_X509_ATTR_APPEND:
                    // remember the last attribute of this type; appended to below
                    $last = $key;
                    break;
                case $disposition >= $n:
                    $disposition -= $n;
                    break;
                default:
                    $attributes[$key]['value'][$disposition] = $value;
                    return true;
            }
        }
    }

    switch (true) {
        case $disposition >= 0:
            // indexed set past the end of the existing values
            return false;
        case isset($last):
            $attributes[$last]['value'][] = $value;
            break;
        default:
            $attributes[] = array('type' => $id, 'value' => $disposition == FILE_X509_ATTR_ALL ? $value: array($value));
            break;
    }

    return true;
}
- 4492
- 4493
- 4494
- 4495
- 4496
- 4497
- 4498
- 4499
- 4500
/**
 * Set the key identifier used for subjectKeyIdentifier / authorityKeyIdentifier
 *
 * The raw identifier bytes are stored base64-encoded in
 * $this->currentKeyIdentifier. Passing an empty value (as judged by empty(),
 * so '' and '0' both count) unsets it.
 *
 * @param string $value
 * @access public
 */
function setKeyIdentifier($value)
{
    if (!empty($value)) {
        $this->currentKeyIdentifier = base64_encode($value);
        return;
    }

    unset($this->currentKeyIdentifier);
}
- 4509
- 4510
- 4511
- 4512
- 4513
- 4514
- 4515
- 4516
- 4517
- 4518
- 4519
- 4520
- 4521
- 4522
- 4523
- 4524
- 4525
- 4526
- 4527
/**
 * Compute an RFC 5280 4.2.1.2 key identifier for a public key
 *
 * $key may be: null (use this object), a raw/PEM key string, a certificate or
 * CSR array (the subjectPublicKey is extracted), a File_ASN1_Element holding
 * the BIT STRING, a File_X509 object (its public key, private key or current
 * cert, in that order), or a key object exposing getPublicKey().
 *
 * Method 1 is the SHA-1 of the key bytes (20 octets); method 2 is the low 60
 * bits of that hash with the top nibble forced to 0100 (8 octets). SHA-1 is
 * fine here - the identifier is a lookup handle, not a security boundary.
 *
 * @param mixed $key optional
 * @param int $method optional 1 or 2
 * @return string|false raw identifier bytes, or false when no key could be found
 * @access public
 */
function computeKeyIdentifier($key = null, $method = 1)
{
    if (is_null($key)) {
        $key = $this;
    }

    if (is_string($key)) {
        // raw or PEM key material; hashed below
    } elseif (is_array($key) && isset($key['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'])) {
        return $this->computeKeyIdentifier($key['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'], $method);
    } elseif (is_array($key) && isset($key['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'])) {
        return $this->computeKeyIdentifier($key['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'], $method);
    } elseif (!is_object($key)) {
        return false;
    } elseif (strtolower(get_class($key)) == 'file_asn1_element') {
        // unwrap the BIT STRING, then let Crypt_RSA validate the key bytes
        $asn1 = new File_ASN1();
        $decoded = $asn1->decodeBER($key->element);
        if (empty($decoded)) {
            return false;
        }
        $raw = $asn1->asn1map($decoded[0], array('type' => FILE_ASN1_TYPE_BIT_STRING));
        if (empty($raw)) {
            return false;
        }
        $raw = base64_decode($raw);

        if (!class_exists('Crypt_RSA')) {
            include_once 'Crypt/RSA.php';
        }
        $rsa = new Crypt_RSA();
        if (!$rsa->loadKey($raw)) {
            return false;
        }
        // a private key was handed in: identify it through its public half
        if ($rsa->getPrivateKey() !== false) {
            return $this->computeKeyIdentifier($rsa, $method);
        }
        $key = $raw;
    } elseif (strtolower(get_class($key)) == 'file_x509') {
        if (isset($key->publicKey)) {
            return $this->computeKeyIdentifier($key->publicKey, $method);
        }
        if (isset($key->privateKey)) {
            return $this->computeKeyIdentifier($key->privateKey, $method);
        }
        if (isset($key->currentCert['tbsCertificate']) || isset($key->currentCert['certificationRequestInfo'])) {
            return $this->computeKeyIdentifier($key->currentCert, $method);
        }
        return false;
    } else {
        // any other key object: use its PKCS#1 public key encoding
        $key = $key->getPublicKey(CRYPT_RSA_PUBLIC_FORMAT_PKCS1);
    }

    // strip a PEM wrapper if present so the hash covers the DER bytes only
    $keyBytes = $this->_extractBER($key);

    if (!class_exists('Crypt_Hash')) {
        include_once 'Crypt/Hash.php';
    }
    $hasher = new Crypt_Hash('sha1');
    $identifier = $hasher->hash($keyBytes);

    if ($method == 2) {
        // keep the least significant 64 bits and set the leading nibble to 0100
        $identifier = substr($identifier, -8);
        $identifier[0] = chr((ord($identifier[0]) & 0x0F) | 0x40);
    }

    return $identifier;
}
- 4601
- 4602
- 4603
- 4604
- 4605
- 4606
- 4607
/**
 * Build the subjectPublicKeyInfo structure for $this->publicKey
 *
 * Only Crypt_RSA keys are supported: the algorithm is rsaEncryption and the
 * subjectPublicKey carries the PKCS#1 RSAPublicKey encoding, as RFC 3279
 * prescribes. Any other (or missing) key yields false.
 *
 * @return array|false
 * @access private
 */
function _formatSubjectPublicKey()
{
    if (!isset($this->publicKey) || !is_object($this->publicKey)) {
        return false;
    }

    if (strtolower(get_class($this->publicKey)) != 'crypt_rsa') {
        return false;
    }

    $pkcs1 = $this->publicKey->getPublicKey(CRYPT_RSA_PUBLIC_FORMAT_PKCS1);

    return array(
        'algorithm' => array('algorithm' => 'rsaEncryption'),
        'subjectPublicKey' => $pkcs1
    );
}
- 4627
- 4628
- 4629
- 4630
- 4631
- 4632
- 4633
/**
 * Set the domain name(s) for the certificate to be signed
 *
 * All arguments are stored in $this->domains (sign() turns them into
 * dNSName subjectAltName entries) and the first one replaces the subject's
 * commonName. Modern clients match on subjectAltName, so every hostname the
 * certificate must cover has to be passed here, not just the CN.
 *
 * @param string ...$domain one or more domain names
 * @access public
 */
function setDomain()
{
    $domains = func_get_args();
    $this->domains = $domains;

    $this->removeDNProp('id-at-commonName');
    $this->setDNProp('id-at-commonName', $domains[0]);
}
- 4640
- 4641
- 4642
- 4643
- 4644
- 4645
- 4646
/**
 * Set the IP address(es) for the certificate to be signed
 *
 * The arguments are stored as given; sign() encodes each via _ipAddress()
 * and silently drops any entry that encoder rejects. Unlike setDomain() the
 * subject DN is not touched.
 *
 * @param string ...$ipAddress one or more IP addresses
 * @access public
 */
function setIPAddress()
{
    $this->ipAddresses = func_get_args();
}
- 4657
- 4658
- 4659
- 4660
- 4661
- 4662
- 4663
- 4664
/**
 * Wrap a domain name as a dNSName GeneralName
 *
 * @param string $domain
 * @return array
 * @access private
 */
function _dnsName($domain)
{
    $generalName = array();
    $generalName['dNSName'] = $domain;
    return $generalName;
}
- 4669
- 4670
- 4671
- 4672
- 4673
- 4674
- 4675
- 4676
- 4677
- 4678
/**
 * Wrap an (already encoded) IP address as an iPAddress GeneralName
 *
 * Note this is distinct from _ipAddress(), which sign() uses to encode the
 * textual address first.
 *
 * @param string $address
 * @return array
 * @access private
 */
function _iPAddress($address)
{
    $generalName = array();
    $generalName['iPAddress'] = $address;
    return $generalName;
}
- 4683
- 4684
- 4685
- 4686
- 4687
- 4688
- 4689
- 4690
- 4691
- 4692
/**
 * Find (or create) the revokedCertificates entry for a serial number
 *
 * $serial goes through Math_BigInteger's default constructor (presumably a
 * base-10 string - confirm against Math_BigInteger). A new entry gets the
 * current time as its revocationDate.
 *
 * @param array $rclist
 * @param string $serial
 * @param bool $create optional
 * @return int|false index into $rclist, or false if absent and not created
 * @access private
 */
function _revokedCertificate(&$rclist, $serial, $create = false)
{
    $serial = new Math_BigInteger($serial);

    foreach ($rclist as $index => $entry) {
        $isSame = !$serial->compare($entry['userCertificate']);
        if ($isSame) {
            return $index;
        }
    }

    if (!$create) {
        return false;
    }

    $format = 'D, d M Y H:i:s O';
    if (class_exists('DateTime')) {
        $now = new DateTime('now', new DateTimeZone(@date_default_timezone_get()));
        $revocationDate = $now->format($format);
    } else {
        $revocationDate = @date($format);
    }

    $index = count($rclist);
    $rclist[] = array(
        'userCertificate' => $serial,
        'revocationDate' => $this->_timeField($revocationDate)
    );

    return $index;
}
- 4719
- 4720
- 4721
- 4722
- 4723
- 4724
- 4725
- 4726
- 4727
/**
 * Revoke a certificate in the current CRL
 *
 * Adds a revokedCertificates entry for $serial (creating the list if needed)
 * with the given date, or "now" when $date is empty. A serial that is already
 * present is left untouched and false is returned.
 *
 * @param string $serial
 * @param string $date optional
 * @return bool
 * @access public
 */
function revoke($serial, $date = null)
{
    if (!isset($this->currentCert['tbsCertList'])) {
        return false;
    }

    $rclist = &$this->_subArray($this->currentCert, 'tbsCertList/revokedCertificates', true);
    if (!is_array($rclist)) {
        return false;
    }

    // already revoked: nothing to do
    if ($this->_revokedCertificate($rclist, $serial) !== false) {
        return false;
    }

    $i = $this->_revokedCertificate($rclist, $serial, true);
    if ($i === false) {
        return false;
    }

    if (!empty($date)) {
        $rclist[$i]['revocationDate'] = $this->_timeField($date);
    }

    return true;
}
- 4746
- 4747
- 4748
- 4749
- 4750
- 4751
- 4752
- 4753
/**
 * Remove a certificate from the current CRL's revoked list
 *
 * @param string $serial
 * @return bool true if an entry was removed
 * @access public
 */
function unrevoke($serial)
{
    $rclist = &$this->_subArray($this->currentCert, 'tbsCertList/revokedCertificates');
    if (!is_array($rclist)) {
        return false;
    }

    $i = $this->_revokedCertificate($rclist, $serial);
    if ($i === false) {
        return false;
    }

    unset($rclist[$i]);
    // keep the list a proper sequence for the encoder
    $rclist = array_values($rclist);

    return true;
}
- 4766
- 4767
- 4768
- 4769
- 4770
- 4771
- 4772
- 4773
/**
 * Get a revoked certificate's entry from the current CRL
 *
 * @param string $serial
 * @return array|false the revokedCertificates entry, or false
 * @access public
 */
function getRevoked($serial)
{
    $rclist = $this->_subArray($this->currentCert, 'tbsCertList/revokedCertificates');
    if (!is_array($rclist)) {
        return false;
    }

    $i = $this->_revokedCertificate($rclist, $serial);
    if ($i === false) {
        return false;
    }

    return $rclist[$i];
}
- 4784
- 4785
- 4786
- 4787
- 4788
- 4789
- 4790
- 4791
/**
 * List the serial numbers of all revoked certificates in a CRL
 *
 * @param array $crl optional defaults to $this->currentCert
 * @return array|false decimal serial strings; false if $crl is not a CRL
 * @access public
 */
function listRevoked($crl = null)
{
    if (!isset($crl)) {
        $crl = $this->currentCert;
    }

    if (!isset($crl['tbsCertList'])) {
        return false;
    }

    $rclist = $this->_subArray($crl, 'tbsCertList/revokedCertificates');
    if (!is_array($rclist)) {
        return array();
    }

    $serials = array();
    foreach ($rclist as $entry) {
        $serials[] = $entry['userCertificate']->toString();
    }

    return $serials;
}
- 4812
- 4813
- 4814
- 4815
- 4816
- 4817
- 4818
- 4819
- 4820
/**
 * Remove a CRL entry extension from a revoked certificate in the current CRL
 *
 * @param string $serial
 * @param string $id
 * @return bool
 * @access public
 */
function removeRevokedCertificateExtension($serial, $id)
{
    $rclist = &$this->_subArray($this->currentCert, 'tbsCertList/revokedCertificates');
    if (!is_array($rclist)) {
        return false;
    }

    $i = $this->_revokedCertificate($rclist, $serial);
    if ($i === false) {
        return false;
    }

    return $this->_removeExtension($id, "tbsCertList/revokedCertificates/$i/crlEntryExtensions");
}
- 4831
- 4832
- 4833
- 4834
- 4835
- 4836
- 4837
- 4838
- 4839
- 4840
- 4841
- 4842
/**
 * Get a CRL entry extension's value for a revoked certificate
 *
 * @param string $serial
 * @param string $id
 * @param array $crl optional defaults to $this->currentCert
 * @return mixed extnValue, or false
 * @access public
 */
function getRevokedCertificateExtension($serial, $id, $crl = null)
{
    if (!isset($crl)) {
        $crl = $this->currentCert;
    }

    $rclist = $this->_subArray($crl, 'tbsCertList/revokedCertificates');
    if (!is_array($rclist)) {
        return false;
    }

    $i = $this->_revokedCertificate($rclist, $serial);
    if ($i === false) {
        return false;
    }

    return $this->_getExtension($id, $crl, "tbsCertList/revokedCertificates/$i/crlEntryExtensions");
}
- 4857
- 4858
- 4859
- 4860
- 4861
- 4862
- 4863
- 4864
- 4865
/**
 * List the CRL entry extension ids of a revoked certificate
 *
 * @param string $serial
 * @param array $crl optional defaults to $this->currentCert
 * @return array|false extension ids, or false if the serial is not revoked
 * @access public
 */
function getRevokedCertificateExtensions($serial, $crl = null)
{
    if (!isset($crl)) {
        $crl = $this->currentCert;
    }

    $rclist = $this->_subArray($crl, 'tbsCertList/revokedCertificates');
    if (!is_array($rclist)) {
        return false;
    }

    $i = $this->_revokedCertificate($rclist, $serial);
    if ($i === false) {
        return false;
    }

    return $this->_getExtensions($crl, "tbsCertList/revokedCertificates/$i/crlEntryExtensions");
}
- 4880
- 4881
- 4882
- 4883
- 4884
- 4885
- 4886
- 4887
- 4888
- 4889
- 4890
- 4891
/**
 * Set a CRL entry extension on a revoked certificate in the current CRL
 *
 * The revokedCertificates entry for $serial is created if it does not exist
 * yet (i.e. this implicitly revokes the serial).
 *
 * @param string $serial
 * @param string $id
 * @param mixed $value
 * @param bool $critical optional
 * @param bool $replace optional
 * @return bool
 * @access public
 */
function setRevokedCertificateExtension($serial, $id, $value, $critical = false, $replace = true)
{
    if (!isset($this->currentCert['tbsCertList'])) {
        return false;
    }

    $rclist = &$this->_subArray($this->currentCert, 'tbsCertList/revokedCertificates', true);
    if (!is_array($rclist)) {
        return false;
    }

    $i = $this->_revokedCertificate($rclist, $serial, true);
    if ($i === false) {
        return false;
    }

    return $this->_setExtension($id, $value, $critical, $replace, "tbsCertList/revokedCertificates/$i/crlEntryExtensions");
}
- 4904
- 4905
- 4906
- 4907
- 4908
- 4909
- 4910
- 4911
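/**
 * Extract raw BER from a PEM wrapper
 *
 * Strips everything up to and including the first "-----BEGIN ...-----" line,
 * the "-----END ...-----" marker and whitespace, then base64-decodes what is
 * left. The charset is checked with a regex before decoding so that
 * base64_decode()'s lenient mode cannot silently accept junk. Input that is
 * not PEM (no markers / not base64, or decoding to nothing) is returned
 * unchanged on the assumption that it is already DER.
 *
 * Fix: the success test was a loose `!= false`, under which a payload that
 * decoded to exactly "0" was treated as a failure and the PEM text returned.
 *
 * @param string $str
 * @return string
 * @access private
 */
function _extractBER($str)
{
    $temp = preg_replace('#.*?^-+[^-]+-+[\r\n ]*$#ms', '', $str, 1);
    $temp = preg_replace('#-+[^-]+-+#', '', $temp);
    $temp = str_replace(array("\r", "\n", ' '), '', $temp);
    $decoded = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $temp) ? base64_decode($temp) : false;
    return ($decoded !== false && $decoded !== '') ? $decoded : $str;
}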
- 4931
- 4932
- 4933
- 4934
- 4935
- 4936
- 4937
- 4938
- 4939
- 4940
- 4941
- 4942
- 4943
- 4944
- 4945
- 4946
- 4947
- 4948
- 4949
/**
 * Map an extension / attribute name to its OID
 *
 * The reverse of $this->oids is built once and cached in a function-static,
 * so it is shared by every instance. Unknown names are returned unchanged,
 * which lets callers pass dotted OIDs straight through.
 *
 * @param string $name
 * @return string
 * @access public
 */
function getOID($name)
{
    static $reverseMap = null;

    if ($reverseMap === null) {
        $reverseMap = array_flip($this->oids);
    }

    return array_key_exists($name, $reverseMap) ? $reverseMap[$name] : $name;
}
- 4958 }